SendMail CTO Sounds Off On Spam and FTC
CowboyRobot writes "Eric Allman takes his well-deserved turn in commenting on the state of spam, the dark future, and the need for intervention.
He calls spam an "arms race" where "in the long run everyone loses (except the arms dealers)."
As you might imagine, he's on our side, and he does a good job of clearly describing the current state of spam, and the possible solutions."
Isn't he one of them?
Forget thrust, drag, lift and weight. Airplanes fly because of money.
Is this really necessary to post a different article every day of someone in our field who agrees spam is bad? It's like there's a template for every article on slashdot about spam:
CEO of [NAME] reported today that SPAM is [GOOD|BAD] and recommends [LEGISLATION|CRACKING DOWN|PRODUCT].
There are enough freely available working solutions out there now that work with Mr. Allman's product (such as DSPAM and BogoFilter) where we really have gotten to the point where we can quit complaining about spam and actually succeed in the high 99% at stopping it. If everyone quit whining and installed one of these tools, nobody would get spam, and the spammers would be out of business.
Sendmail, promiscuous relay for all, Sendmail, providing remote root access since Day 1 on the Internet, Sendmail, of the indecipherable rules file , is on "our side" ? Are they even relevant except for inertia?
Lets talk to DJB, to Wietse Venema, to the MS Exchange developers first, before giving soapbox time to some suit.
I want to delete my account but Slashdot doesn't allow it.
spam - and what defines spam - isn't the pertinant question. The important fact is that spammers exploiting SMTP make 'opting out' impossible.
There is too much assumed honesty in SMTP.
Yes, it was a key factor in getting everything going, and yes, its beauty is in its simplicity.
however, much like open relays, this assumed honesty has outlived its usefulness. It is being corrupted to a degree unforseeable by the original protocol architects, and it is time for something new.
I don't pretend to know the specifics to building a secure, unexploitable system. And it would almost certainly be a messy conversion. That shouldn't mean that it isn't worth doing.
Let each user and ISP decide for themselves what spam is. But we need a secure email system so that when Spam is identified, that particular sender can be effectively blocked.
// "Can't clowns and pirates just -try- to get along?"