Slashdot Mirror
AOL Will Not Support Sender-ID
DominoTree writes "America Online said Thursday that it will not support the Microsoft-backed antispam technology called Sender-ID. The online giant cited 'lackluster' industry support and compatibility issues with the anti-spam technology SPF that AOL supports."
For once...
I'm confused.
It seems this is (almost) universally being voted down, it's time to give up and not implement this. There must be a better way to solve this, and I'm not surprised MS came up with this one!
CB--->
free ipod and free gmail!
I find it quite amusing on how AOL is sometimes caught sleeping with Microsoft (like IE in AOL) yet other times it pretty much pretends like they want nothing to do with them. You'd think that AOL is big enough to where they can honestly tell Microsoft to "Shove It" without any big consequences.
With this single decision AOL will disenfranchise a whole underclass of society.
Sender ID Framework
I thought AOL loved blackholing everyone's email from the outside. It already happens over half the time that I reply to an email tech support request from an AOL member. They say I'm not in their address book, so I can't respond despite them having contacted me first.
As a sys admin for a large hosting provider aols anti spam policy has been great at reducing the amount of crap email being sent through thier servers. Over the years its dropped a massive amount so anything that AOL does to fight spam is a bonus to the world as they are such a large part of the "internet".
;)
Unfortunatly there are thousands of ISPs that dont take SPAM as seriously as what AOL does. Realistically this is something that doesnt come as a suprise to many people that have been following the anti-spam developments closly. You cant blame AOL for having a service that is computer illiterate friendly despite your own experiences.
Everyone has the freedom to choose thier provider. Personally Im never going to use them.. but hey the option is there if you ever do want it. and if you do sign up you can live with less spam
From reasons of lack of support and lack of backward compatibility. Wow, AOL was (is?) paying attention:
"The online giant cited "lackluster" industry support and compatibility issues with the antispam technology SPF, or Sender Policy Framework, that AOL supports.
AOL's moves come days after the Internet Engineering Task Force standards body voted down the Sender ID proposal. The IETF said Microsoft's decision to keep secret a patent proposal for the technology was unacceptable. Open-source groups also pulled their support of Sender ID, claiming its licensing restrictions were too strict. AOL agreed with the IETF fallout and added its own reasoning.
"AOL has serious technical concerns that Sender ID appears not to be fully, backwardly-compatible with the original SPF specification--a result of recent changes to the protocol and a wholesale change from what was first envisioned in the original Sender ID plan," AOL spokesman Nicholas Graham wrote in an e-mail."
CB_===__-8a90fuds76
free ipod and free gmail!
SPF is just as effective as Sender-ID for the general internet and is MUCH easier to implement. I am a consultant for quite a few small non-profits and so far I haven't charged any of them for setting up SPF records since it's generally a 2 minute process to create the record (at the most), and an email or a 2 minute phone call to their DNS provider. Sender-ID would force me to do some actual work which would in turn cost my customers money.
There are 4 boxes to use in the defense of liberty: soap, ballot, jury, ammo. Use in that order. Starting now.
Especially when I bundle it with Longhorn/IE and no one can recieve a email from a AOL person without it.
Mualllllaaa!!!!! I win!!!!
Gates
Okay, so setting up SPF records aside, have you actually modified their mail servers to do anything with incoming SPF data? As someone who hosts a few domains on a box, I'm very very hesitant to modify Mimedefang to drop messages that fail SPF, because a few people have .forward files on other boxes that point at me.
Has anyone solved the .forward problem with SPF yet?
Well, I'm glad that people like it the second time around. Would be good if I got credit up front!
A firewall can not protect you from yourself. Turn off what you do not need. Do not use the firewall to do your work.
It'd been known early on from Microsoft legal that they would "rather see Sender ID die than back down on their patent claims". Sender ID is going nowhere.
Publishing SPF records does exactly what AOL needs. Specifically it reduces the number of joe-jobs directed at its clients. As more mail servers are set up to check these records, the better it gets for them.
What does implementing Microsoft's Caller-ID have to offer in addition to AOL's subscribers?
THIS THING CAN TURN ON A DIME, MACROSSZERO STYLE ALSO FUCK BETA, ~NYORON
IT was MY POST that was STOLEN!
A firewall can not protect you from yourself. Turn off what you do not need. Do not use the firewall to do your work.
I think ISP's should take more responsability for their users.
Obviously the spammers, and DoSers have an ISP, and if their ISP were punished by upstream providers for allowing their network to emit this kind of crap, by blocking them until the problems are solved, maybe they'd use some initiative to solve these problems.
I do understand that most DoSers are not the fault of the user, but surely the ISP could notify the user, and force them to do something about it.
All these differing approaches to the same problem. It seems to me like trying to shove oatmeal into a sprung leak.
Maybe it's time to simplify.
dump email all together in the corporate environment and opt instead for a more secure solution based on PKI or kerberos or any other host of security structure.
If some contact absolutely needs to receive something via email, no problem. "We will gladly send you an email, but you just can't send us one. Unless, of course, you wish to send it to an employee's private email adress; we don't accept email internally anymore."
"Sorry mr. corporate contact, you must log in to our site www.dmail.company.com and submit messages that way. We have had too many problems with spam and viruses.
there is a nice, lightweight client you can install if you don't wish to log in every time."
It seems to me it wouldn't be that difficult to use a non-email solution for your corporate mailing needs (like the aforementined dmail which i've been hearing so much about), and if another company's IT department can't handle that light technical strain, then it would seem that IT department needs a wake up call.
where are the flaws in this reasoning?
Graham added that while AOL will not check Sender ID for inbound messages, it will still publish records for outbound e-mail.
THIS THING CAN TURN ON A DIME, MACROSSZERO STYLE ALSO FUCK BETA, ~NYORON
I may hate AOL, but I have to admit that if they aren't going to support it, then Sender-ID is dead.
Technoli
Maybe AOL wants to avoid that USPS follows the MS steps and cut the AOL spam with those "free internet" CDs. Being a widely known spamers, why would they support something against them? God! I'm tired of throwing AOL CDs, what a waste of... trash bags.
When will Microsoft just say, "Oh look, honest interoperability is easier than wrestling for control all the time"? Could that happen? It just makes sooo much sense.
This is a little OT... I'd actually like to hear a proponent of SPF deal with the complaints made about it here.
I myself have no opinion. I haven't admined a mail server in over 2 years and I am woefully not up on this subject.
Think for yourself, destroy your television.
SPF marks email so that when you get an email that claims it is FROM an AOL member you can tell if it really does or not. It will not prevent AOL from getting Spam but it will prevent you from getting it from AOL or disguised as coming from AOL.
And this doesn't prevent Spam. It prevents job jobs. If a spammer is willing to ID the domain his mail comes from and not spoof he can Spam you all he wants. Course with a legitimate domain name/IP# you can blacklist him too.
Slashdot, home of supporters of free software, free music, and free speech.Except for Moderators that disagree with you.
In this case I'd say the decision was made from the business perspective. AOL could either fall in line and attempt to break away and make billions off their own patent if it succeeds. This so-called 'lackluster' support is probably nothing more than excuse from AOL to prop up their own versions.
In the end no single solution will work unless the vast majority of servers implement and maintain the solution. There is no use if only AOL or MSN implement a solution for spam. they "may" be 40million users or so but i know personally I dont email anyone @aol.com or @hotmail.com because im a geek and I have geek friends with thier own servers. There needs to be a mass adoption of a good standard to make any difference to the spam problem.
You don't need to make fun of AOL, they do it to themselves...
Plus AOL users take it personally and I don't want a crazed redneck chasing me with a shotgun.
If I point out that you are incorrect, making me a foe does not make you any more correct.
It's not that it is from MicroSoft, not that it's patented, but that it's patented with a special license and it has unclear specification. The current license does not allow the transfer of the rights to a third party - therefore making it unimplementable on GNU Public Licensed programs. GPL requires that any modifications must be passed on for free (if ever want to pass it on), and MS license doesn't allow copying the source code and the license. Therefore, you can't implement Sender-ID for anyone else but for yourself.
Also that wiggle room around the specification is an alarming thing. MS - with many other companies - have shown that any gaps in the specification can and will be used by companies in competition. Given a chance, suppliers will make their product incompatible with other suppliers' products if they have the market share - thus increasing their market share further.
If we give them the power to choose what programs can deliver mail in the Internet, who are we going to blame but ourselves if they want to (ab)use that power? Instead, if they break an existing standard we can point our finger at them and say that their product does not meet the standard and therefore it's their fault that interoperability fails.
?SYNTAX ERROR
Part of the issue is that Sender-ID doesn't offer a whole lot that we don't already have with SPF.
However, the license is incompatible with the licenses used on virtually every mail server out there, and the implementation is significantly more complex.
Give a man a fish, he'll eat for a day, but teach a man to phish...
Lots of those 'morons' are customers so people need to send mail to AOL.
Reading between the lines it's only a matter of time before AOL stops accepting mail from domains that don't publish SPF records. They already reject mail if your reverse DNS doesn't resolve. They're publishing their own too:Good for them.
My God, it's Full of Source!
OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
The problem is that MS's terms for licensing their patents to specification implementors specifically forbids any use by GPL or similarly free licenses. See the GPL is MS's biggest enemy and they are trying to kill it on every front. For example, it is against the licensing conditions of Visual Studio 7 to produce GPL'd software with it. How did they manage this? By introducing a new standard C runtime library, MSVCR71.dll, which can only be distributed under MS' terms. Oh. And it won't be distributed with the OS anymore, so anyone using VC7 is forced to comply with the licensing terms of the runtime itself.
So the problem with patents is that MS *is* starting to mobilize them as offensive weapons against open source in general, and the GPL specifically.
ROFL!!!
:)
the first whiny co-worker tomorrow gets that link set as their homepage
Iv never understood the general anti-aol viewpoint of the slashdot community. Think about it, aol allows computer dumb people to use computers. When computer dumb people use the computers two things happen. They break the computers (which gives you a way to get some extra cash) and they eventualy get better at computers, which makes new slashdoters. Im not ashamed to admit that I at one point I used aol, thankfully those times are over...
Well for better or for worse, if AOL rejects it, that's pretty-much it in my opinion. AOL is probably the most well-known email service on the planet. I wouldn't know who is the biggest or best, but AOL has GOT to be the most famous. Microsoft would have done well to court AOL first... oh well. :)
So which future standard do you want to quash today?
Update SMTP for the new millenium.
I've never been a Mac fan, and I'll probably never buy one, but since it's a completely different non-windows OS, and runs different core software like browsers - it's good for the whole.
The more people that use Macs, the more people that will be browsing web sites without IE, and the more websites that won't rely on IE-only functionality.
Truthfully though, it hasn't been a problem running Mozilla for 98% of the sites I visit. And I don't only visit sites like Slashdot - I go to a lot of sites that the masses visit as well. No browser string faking, no activeX plug-ins. Just straight Mozilla, and it works great.
All we need to do is chisel down those last 2% and we'll be living large.
With all the visible security problems in Windows and IE these days - more and more people are getting sick and tired of it. Some people are seeking alternative Browsers, more every day. It's not the obscure security bugs that people care about or even know about it's the ones that allow spyware to be installed causing them to have to call friends, family, support people and generally have a terrible time using their computers.
So.. GO MACS! And.. GO IE BUGS!
- It's not the Macs I hate. It's Digg users. -
http://www.apache.org/foundation/docs/sender-id-po sition.html
http://lwn.net/Articles/100873/
http://lwn.net/Articles/100659/
http://arstechnica.com/news/posts/20040902-4153.ht ml
http://news.netcraft.com/archives/2004/09/02/apach e_rejects_sender_id_proposal.html
All I can say is thank God myself as a small webhost is being backed by such an Internet access giant as AOL is.
:)
I suddenly dont feel so bad for installing AIM to talk to strange women
I feel that what microsoft is looking to punish the witness for what the criminal has done with, although I may be wrong, the intention of profiting off the witness while making the victim feel they, being MS, are trying to helping them out.
Is it REALLY a lot of new customers these days? What with all those free coasters and all, I really don't think the desktop icon means that much. There must be something else.
Like browser mods and and the fact that as we all know, (at least if you know ANYTHING about Windows API and Windows app development), all things in Windows including the browser and the file navigator, they are all "windows". Even Outlook is a "window". If AOL wants to integrate into Windows (which 99% or more of ALL AOL customers use) seamlessly, they HAVE to use IE.
"Who are in control, they are not in control of anything - they don't even control themselves!" - Glen Beck
IETF really screwed themselves with this post. The patents were posted today by the patent office. http://www.imc.org/ietf-mxcomp/mail-archive/msg048 44.html
and http://appft1.uspto.gov/netahtml/PTO/search-bool.h tml
and type 684020 for Application Serial Number in field1.
Now the IETF engineers have to pretend they are patent lawyers. Of course they couldn't have said that they were rejecting it because people didn't like the license -- the license does all the things that the IETF requires.
Why not use AMTP instead of all these kludgy SMTP extensions/workarounds?
Sender ID and SPF can positively prove that a message came from a domain, but can't prove it didn't come from a domain -- they don't stop forgery. The technologies ignored the fundamental architecture of email (store and forward instead of point to point), and in the process left a glaring hole for spammmers to use. How do you forge an email in the Sender ID/SPF world? You pretend that you forwarded it legitimately. In Sender ID with PRA, the spammer simply adds a Resent-From header. In SPF, the spammer makes the Envelope-From something different than the body From:. Both SPF and Sender ID leave these cases for the spam filters to figure out. If the spam filters can't figure it out today, there is no reason to believe they will figure it out tomorrow. We need a crypto solution to solve this correctly. How is domainkeys doing?
"America Online Inc. on Thursday shunned a Microsoft Corp. proposal to help weed out unwanted "spam" e-mail because Internet engineers are reluctant to adopt technology owned by the dominant software company."
What? Since when did AOL reject it just because it's owned by Microsoft?
Link to the article...
For once AOL does something the media should be praising it for, yet they're practically insulting AOL publically...
"...would not adopt Microsoft's SenderID protocol because it has failed to win over experts leery of Microsoft's business practices."
I wonder if I'm the only one getting painfully tired of the way the news media paraphrases and misrepresents peoples'/groups' positions...
[aol mail voice] "OMGWTF L4m3r! W4||h4ck f4gz!" [aol mail voice]
I like big butts and I cannot lie.
I'm afraid it's someone else who must get real. MS, as any other company, is required to extract as much profit as possible from any and all assets it owns, or else shareholders will file a lawsuit. This happens.
Besides, why MS would not do that? They can do it in a smart way - provide Windows users with a free license, and everyone else has to pay $1000 per license. Where will Linux or BSD be there? Who will be using these OSes for mail transfer? Hardly anyone, that's who.
You must look beyond your nose to see the danger, and it must be said "no" while it is still possible.
IIRC they are pretty spammer-friendly.
I'm sorry if I haven't offended anyone
Even the big guys have limits on what they can do. Most companies, not being of Walmart's size, can't go as far and need to be more accomadating.
If you think something like banning e-mail will work for your bussiness, well go ahead and try, but don't be supprised if no one will deal with you.
ideal; model tiny; codeseg; org 100h; start: cli; hlt; ret; ENDS; END start
It's hardly surprising that some people aren't sure how to feel about AOL sometimes. On one hand, they adopt IE or kill some promising project and get hisses and boos. On the other, they occasionally support or initiate a nifty open source project, or take a position we're prone to like.
Seems to me... and I'm hugely guessing here... that there's two factions in AOL to consider. The tech people, and then marketing/legal/etc. The tech people can sometimes (not always) do some stuff that benefits people, and probably mean well in general in any case. As long as something remains under the radar of the rest of AOL's bunch, and/or results in lots of positive P.R., it lives. But if the legal department or someone panics, well... we all saw what happened to Nullsoft's gnutella implementation, initially. And AOL is kinda flip-flopping where Netscape is concerned, I think.
In this case, the tech guys over there probably pretty much had a lot of sway over the Sender-ID thing. The lawyers, marketing people, et al. have far more important things to worry about, I presume.
We insult AOL for years and no you're praising it? You'd think the fact that AOL doesnt support something would mean that something was good. Considering AOL doesnt support intelligence
I haven't been with AOL in years (yet they still send me their CDs which I scratch up and throw away on sight) yet a while back I had to ride out a flood of phish emails due to a compromise at eBay quite a while back. Added to that, all the malware-by-email I used to get was because email-based malware scraped email address from the victim's computer system (someone else other than me) or had its own built-in 'dictionary attack' email address generating engine.
AOL is great for internet newbies. Once you become 'net savvy', get away from them, ASAP!!!
PS: You might want to 'lock in' your long distance phone provider before you sign up with them. I have first-hand knowledge of AOL 'slamming' people who try out their online service....
Someone here on Slashdot mentioned DomainKeys as an antispam solution.
It won't work!
Cryptography costs time and money to use! Just look how long it takes to bring up a secured webpage (HTTPS)....
Now imagine if the entire World Wide Web was that way....
Not everybody on the internet have the fastest systems available for use. Even then, such systems would be overwhelmed by all the crypto they have to do in order to process email using the DomainKeys system.
Instead of time consuming crypto, why not use fast, simple, effective spam filtering like my approach.
AOL's employees spend a decent amount of their time giving out their customer's contact info to spammers, they certainly aren't going to bother trying to actively block spam.
"Can Microsoft ever win here? Are they always evil no matter what they do?"
If they'd made this an open standard by using a lesls restrictive license, we'd be cheering Microsoft on. They didn't, so they're the bad guys.
Microsoft aren't always the bad guys - they're often the victims of bad IP lawsuits. But in this particular instance, they are.
"Do you honestly believe thay'd start charging royalties on every email sent or something crazy like that?"
The aim of the game is to 'decommodotize standards' Microsoft was attempting to build a standard which would need to be used by everybody, slap some form of patent on it, and then lock out the people they were competing with, in this case, anyone using copyleft licenses.
The strategy was described by Microsoft in a document which was leaked to the public and appears on the OSI website here
Quote:
"OSS projects have been able to gain a foothold in many server applications because of the wide utility of highly commoditized, simple protocols. By extending these protocols and developing new protocols, we can deny OSS projects entry into the market."
Having finally persuaded my ISP that = (equals) is a valid character in a TXT record I was able to publish my own SPF records.
Based on a sample size of 1 I'd like to suggest that spammers don't joe-job domains with restrictive SPF records. That makes sense. We already know spammers know about (and use) SPF records. It make sense for them not to use a domain that will be blocked by any SPF aware mail recipient.
The fantastic news for me is that instead of 8,000+ bounces from joe-jobs flooding my mail server each day (imagine how many more emails are delivered or blocked by spam filters), since publishing my SPF records that has completely stopped.
Why am I such a target? I notice that the more often I report to SpamCop the more often I am targetted, but the heavy waves seem to have coincided with increased awareness of an anti-spam SMTP filter I wrote. I guess my work got noticed. Just a guess though.
Recycle PCs and build a wireless community network www.hillsborough.org.nz
Your software doesn't appear to give much in the way of details as to how it works. Coupled with the rather childish URL you provide, it's very difficult to take it seriously at all...
I appreciate you taking the time to respond.
Think for yourself, destroy your television.
I've just been using the SPF setup wizard to generate the SPF TXT addition, and it occured to me that this isn't necessarily going to stop Joe Jobs on small companies.
My domain and mail is handled by my host, with one mail server sending mail for multiple domains (mine and other people who have an account with the host). The reverse DNS lookup for the mail server give the server's name (myhost.com) and not my domain's (mydomain.com) as it's shared, so mail from mydomain.com only has to come from myhost.com to be vailidated. It would therefore be trivial for someone to set up an account with my web host, and they would then be able to Joe Job me.
I know it's only cheapo hosting, but the small one man bands who are vulnerable to Joe Jobbing may be using this exact setup. And yes, it would cost you money to set up the account, but if you were setting out to deliberately harm a competitor it's negligible. Or have I misunderstood something somewhere?
Microsoft have their marketing organised alright, but not their diplomacy.
Your approach to describe your approach sucks
Now, how DOES it work? 1. Being hostile is not a proper description of an algorithm. 3. What are the nominal conditions? Not receiving anything?
CONCLUSION: Bullshit-O-Meter says: Stay away from that, it's probably a trojan or something similar.
Move Sig. For great justice.
Detailed explanation of my solution to unwanted email.
'http://www.cf13.com/i-solved-the-email-spam-and-
Sell a small program for $1 that includes the library, and ship the GPL'ed program on a disk with it.
A lot of GPL software uses visual studio 7. The reason for using MSVCR71 (and MSVCR70 that preceded it) was entirely technical - they're not binary compatible.
.net runtimes for a while) so they're now officially part of the OS anyway - although it's arguable that they always have been.
Both of these now ship with XP SP2 (and they have been in the
Always cracks me up when GNU hippies go on about how music sharing is not theft, but this unattributed posting IS.
I instantly visualized two ugly, fat girls, fighting over the last piece of cake.
-- www.globaltics.net
Political discussion for a new world
Ref: http://www.imc.org/ietf-mxcomp/mail-archive/msg04
Why doesn't every ISP just use ASK (Active Spam Killer)? Its idea is pretty good, and I think it'll block 99% of spam. If else, because if you send 50000 spam mails, you get 50000 spam mails back to you (and many spammers have un-existant email addresses).
Mr. ISP Admin, if you're reading this, try it out and see if it doesn.t work. ;-)
42.
News stories == press releases in disguise.
One glaring, recent example:
378 Terabytes Of Star Wars on 600 G5s
Verdict: A free ad for LucasFilm and a free ad for Apple
Case in point:
Looking at the current stories listed on the Slashdot.org homepage, did these known for-profit companies 'buy an ad' to be featured in a news story on the Slashdot.org home page?
AOL
Microsoft
Perhaps the two companies above purchased advertising to appear on Slashdot in the past....
Properly written news stories are primarily news first and advertising a serendipidous second. The rule of thumb is that 'if your press release reads like an ad, it needs to be rewritten' and that good press releases 'answer the who, what, when, where, why, and how questions'.
Also, the goal of press releases is to inform. The goal of advertising is to persuade.
Which do you prefer? Information or manipulation?
Slashdot's ad rates are $CALL--you have to contact a marketing representative to get them.
Remember the old saying?
Since when is Microsoft known to make sense? :P I totally agree though; if they all worked together towards one universal solution, things could be done much quicker, much more efficiently and more reliable. But then MS (or AOL, or Yahoo) won't hold the monopoly on that and probably won't be able to charge (as much) money for it. I think they thought about that idea, but then arises the obvious question: whos idea will be used? Every one of them is trying to make their solution the standard. Especially since when this will work (i have no doubt about the 'if' part), it'll be such a huge claim (*the* final solution for spam), that whoever came with the idea will be popular forever .... Well, at least until the next generation of spam arrives that somehow finds a way to defeat their solution.
Regardless of your opinion of MS's involvement in this idea, does AOL's take on it really matter to anyone?
Right up there at the top of my blacklist you'll find "*.aol.*". Whether or not the mail really came from there doesn't matter, because almost half of the spam I get reports itself as coming from an AOL account.
Same goes for MSN, hotmail, and yahoo. I couldn't care less whether or not they choose to adopt anti-spam-technique-X, since I don't read any mail coming from them anyway.
And for the one AOL-using person with whom I actually exchange email, my whitelist works just fine.
It still isn't useful against spammers because the filter rules are too simple and too inflexible.
The only possible use is against exploits as HTML-mails are converted to plain text. Nice "i can program an email-server"-project but nothing worth to use in daily life.
Move Sig. For great justice.
Given two vendors I will always prefer the one that is not paying lip services to security and that show they have got half a clue regarding spam.
IANAL but write like a drunk one.
Call me paranoid... but I've noticed that all e-mail I send from my .Mac account to any hotmail account finds itself instantly in Hotmail's Junk e-mail box...
It's a good thing I pay for the stupid e-mail address and the rest of the world seems to use hotmail.
No shit MS Office has IE. Does everyone that uses their mac always use it? Is it the default browser that comes with OSX?
It's all about defaults. If every Mac that ships sets Safari or whatever else as default, that's what Mac users will use, and everything else is an "addon" that people never really like as much as default.
And I don't really care about MacOS 9 or lower - it's all about the now.
- It's not the Macs I hate. It's Digg users. -
Congratulations, you've just reinvented spamassassin! Oh, and learn a little more about the crypto used in Domainkeys (and also about the massive flaws in SPF) before you mouth off about things you don't understand, 'k :-) ... very clever ... let's see what you come up with when you're a big boy.
I think you're a very bright little boy to write a program like CF13 though
Wait a minute... Haven't America Online and Microsoft been working together on an e-mail tracking technology called Sender-ID for a while now?
I hear Intel is getting in on the action too.
Sounds like the IETF wisely wants to avoid a repeat of the Rambus debacle.
Eternity: will that be smoking, or non-smoking? I Corinthians 6:9-10
Slashdot doesn't just dumbly echo whatever info is sent their way, there's a deliberate process of selecting information that will be interesting to their readership. Whether they do a good job of it or not, they at least attempt to filter out boring tripe.
When you decide to jump into a discussion and say, "This is all pointless, the problem has been solved by my wonderful new project!" and post a link to your own press release, that's spamming.
Press releases are released to the press, you nimrod. Then they go through that filtering process I mentioned earlier, so they go to the eyes of interested people. You don't just spam around a press release to your final audience and then claim you're not advertising.
Nobody with any sense is interested in anti-spam technology from a spammer.
Sendmail says DomainKeys adds 8-15% CPU load. Doesn't sound that expensive to me.
Spamming will only stop when it's not profitable any more. No matter how many technical methods we devise, spammers will always find means to overcome them. The computer can be a simple, user-friendly tool, but this does not justify users' lack of education and common levity. Computer users should be strongly encouraged to learn what they are dealing with. This issue is not limited to spam. Laziness is not an excuse.
;>
Notice that, if computer users were educated, they would know how to protect themselves from becoming spam relays. Then sources for spam could be easily identified and dealt with by way of dialog with their ISPs.
Yeah, I know what it's called
SPF is not meant to combat spam directly.
It is meant to make it easier to track down spammers if they happen to break an anti-spam law, as SPF prevents forgeries.
Yes, all a spammer has to do to spam you is to get a domain and set up an SPF record.
But at this point, you can track his ass down, complain to his upstream provider, and get him shut down.
It's a LOT harder to do that when the email is blatantly forged.
retrorocket.o not found, launch anyway?
Pirate hypocrites. Copying music is okay, but not copying posts?
I have seen several web pages written by people who don't like these challenge-response mechanisms, including one earlier today which went so far as to say that if he receives such a challenge, he will delete it- even if it's from one of his customers asking for help. This seems a bit extreme to me, but I can understand his frustration- it is an extra step which shouldn't really be necessary. It's a pain to have to deal with it, both for the sender (who has to respond to the challenges) and the recipient (who sends out the challenges, and has to deal with people calling on the phone to complain about them.) It's a very touchy situation, having to ask your clients to prove that they are human beings instead of spam-sending robot programs... but if you keep a close eye on the mechanism, manually whitelist as many legitimate people as you can, and watch the log file to catch anybody you know, it can be a workable solution (as it has been for me.)
However, having spent ten years building and running ISPs, I can say that there is no way I would ever force something like this on my clients. I might try to find a way to ALLOW my clients to use it on their mailboxes if they want to, but I certainly wouldn't just turn it on for every single email address- trying to explain it to somebody who receives a challenge is hard enough without having to try and explain the whole mechanism to some old lady who knows nothing about computers and just wants to receive email from her grandkids and her sewing circle. I remember the pain of trying to explain blacklists to these people...
It still isn't useful against spammers because the filter rules are too simple and too inflexible.
.
The 900+ email scoring rules in SpamAssasin are totally irrelevant and unecessary!
I have identified the 8 hallmarks of spam and malware, everything else in such email doesn't matter as the 8 hallmarks are deemed 'unwanted content' as needed by those that use my software.
1. File attachments - if not from expected sources, it is likely malware--usually the latest mass-mail-virus-to-hit-unsuspecting-Windows-users
2. HTML - a waste of bandwith to send legitimate, plain-text email and a delivery vehicle for spam, phish attempts (ID theft), scams, and malware.
3. Quoted printable content - not needed for 'standard' email. It is used in HTML email and to encode 'incriminating' commerce characters in an attempt to avoid filtering.
4) Percent signs (% - used primarily in commerce and a potentially 'expensive' web browser exploit via HTML)
5) Dollar signs ($ - used primarily in commerce and, to a lesser extent, in assembler source code listings.)
6) Numbers (0123456789) - needed by spammers to create prices, website urls, email addresses, postal addresses, and contact phone numbers. When interacting with first-time correspondents via email, numbers are likely not needed and will only be used by spammers or computer crackers as part of their email 'pitch'.
7) URLs ( http://www.example.com example.com ) - one of the true payloads of spam email--all other content in such email is irrelevant and merely serves as a means to persuade the email recipient to visit the spammer's website(s) mentioned in such email.
8) Email addresses ( user@example.com ) - one of the true payloads of spam email--all other content in such email is irrelevant and merely serves as a means to persuade the email recipient to contact the spammer at the provided email address(es).
The only possible use is against exploits as HTML-mails are converted to plain text. Nice "i can program an email-server"-project but nothing worth to use in daily life.
My mailserver program also does everything possible to prevent spammers from using the SMTP DATA command in the first place and punish them appropriately when they do.
The complete details of this process is available at the bottom of the software's homepage.
SpamAssasin needs a Perl interpreter to run and is not a mailserver.
My mailserver program has simple, effective, built-in email filtering.
Mailservers like Sendmail, Postfix, and qmail are sophisticated and likely consist of 2 or more programs.
My mailserver is a simple, all-in-one, piece of software that was coded for high-performance. All it needs to run is the Windows operating system and a initially empty hard disk subdirectory to 'live' in.
I'm afraid it's someone else who must get real. MS, as any other company, is required to extract as much profit as possible from any and all assets it owns, or else shareholders will file a lawsuit. This happens.
Sorry, but it's not nearly as cut and dry as you make it sound. Companies aren't required to extract as much profit as possible. Ethics should play an important role in the operations of any company, including one as large as Microsoft. Those two are sometimes mutually exclusive and in that case, it's really up to the leaders in the organization to set an example that their subordinates follow. In this whole Sender-ID case, Bill Gates himself vetoed a request by one of his subordinates to just simply donate the patent to the public domain (as has been done by companies like IBM previously).