Slashdot Mirror

← Back to Stories (view on slashdot.org)

IETF to Look at Spam

Posted by CmdrTaco on from the could-this-be-the-end-of-smtp dept.

m00nun1t writes "CNET has an article about the Internet Engineering Task Force (IETF) looking at what they can do about spam. According to the article, many of the proposals seems to "require changes in basic e-mail technology", which presumably means SMTP (and about time!). Maybe they are looking beyond just SMTP - anyone have any insights here?"

2 of 200 comments (clear)

  1. hooray by collapser · · Score: 2, Interesting

    at last I will know to where in Nigeria I should go!

    seriously tho. even if it is all legal-ified and I'D correctly, there will still be such things as ticking the little box to say you dont want any spam from service X,Y, and Z.
    In fact, the way online revenues are going i can see recieving /solicited/ spam as being the only way you will be able to read salon. if it's still going by then.

    it would be nice(?) to have a better system but I never forget the age old adage of no system being tamperproof. Lots of enterprising folks enjoy anonymity for non-spam purposes, so naturally some form of workaround should emerge fairly quickly.
    oh lord i'm sounding like Toffler.

    --
    <B>note to self:</B> <I>post as html</I>
  2. Authenticated SMTP by Anonymous Coward · · Score: 5, Interesting

    The technology exists, off the shelf, today.

    There is a SMTP command called STARTTLS which will enable SMTP over SSL. It's defined in RFC 2487. Sendmail supports it with a compile-time option, and so do most other MTAs. It's backwards compatible with normal SMTP.

    You will need a certificate, of course.

    This has 2 big effects:

    - encryption of email in transit between SMTP servers (a nice bonus)
    - authentication of SMTP servers

    Since sending spam isn't illegal in most jurisdictions, knowing WHO sent the spam (or relayed it) allows you to contact them and complain, threaten and retaliate (mailbomb, portscans, DDOS, etc.)

    If you receive email from a host authenticated by versign (or whoever), you apply little filtering.

    If you receive email from a host not using ssl, it goes into a queue for maximum filtering.

    Much of the spam I receive today is from DSL customers who spew directly.

    Downside:
    - there will be additional CPU load for all the email servers
    - cost of certificates