Verizon.net Finally Moving Email To Port 587
The Washington Post's Security Fix blog is reporting that Verizon, long identified as the largest ISP source of spam, is moving to require use of the submission port, 587, in outbound mail — and thus to require authentication. While spammers may still be able to relay spam through zombies in Verizon's network, if the victims let their mail clients remember their authentication credentials, at least the zombies will be easily identifiable. Verizon pledges to clean up their zombie problem quickly. We'll see.
I've been routing my traffic thru their traffic for a few years now, they're not limiting anyone and keep great privacy. what i heard their tunnel service will be open for new customers in a few days again so now is a great time.
Sounds like a great opportunity to charge millions of clueless users $50 to change the setting for them. I see a Vegas vacation on my event horizon.
Nothing worthwhile ever happens before noon
I found out I was a spammer when I investigated a message returned to me. I ended up talking with someone from SORBS. After emailing SORBS a couple of times, I received this message from Michelle Sullivan: "SORBS lists IP addresses that send spam. Often there is real email mixed with the spam, sometimes deliberately, sometimes accidentally. In this case you are using an IP address to send your email that has previously, and is still, sending spam. The IP address is blocked. I'd contact your provider and complain bitterly about it, because it's the provider that is listed, not you specifically."
I send out a newsletter with about 250 subscribers. After talking with SORBS, I contacted Verizon and found out that, even though we signed up for Verizon Business, they limit the amount of email I can send a week to 500 messages. I rarely approach 200 messages and the newsletter is a monthly. Verizon told me I couldn't even send the newsletter in one blast; I had to limit it to 100 subscribers an hour! And in late Fall 2008, some providers, like MS, would reject my mail simply because it had @Verizon.net in the sender's address. I knew I wasn't sending out large amounts of email, let alone spam.
Within those imposed limits, Verizon still could not bring its huge entity to investigate my complaint. In late December, we switched to Constant Contact to email the newsletter. While my boss uses Cox since he works mostly from home, the office is still "connected" with Verizon!
Boy, I hate Verizon! Now, maybe they will kill the Zombies from all those dead zones they claim not to have!
=smidge=
Is it just my observation, or is eldavojohn an idiot?
You can set up port 25 SMTP to require authentication for relay purposes, without having to configure end user's machines for another port.
I feel a great disturbance in the Force, as if millions of voices cried out in terror and were suddenly silenced...
Last week I routed an email through PORT 587 and this came out of it:
Hai Adonai Abmozedel, Adonai Garntaturagah, Adonai Hai Prezelbuuub, Adonai Hai Koadze....and so on.
Is their choice really smart ?
This is a good thing, but it's unlikely to improve things in anything other than the short term. They are quite capable of identifying which customers are zombie spam relays already by looking at IP addresses and authentication logs. I did this back in the days of dialup when I did a lot of work on mail systems for another large ISP/telco. They are still left with the matter of contacting the customer and explaining the problem and guiding through to a solution. This is expensive to do, and requires hand holding as the customer isn't going to understand what to do. It's still cheaper for the ISP to ignore the problem. Zombies will still operate, just now they have to steal authentication details. Big deal.
I say I ain't giving you no tree fiddy you goddamned Loch Ness monster, get yo own goddamned money!
No, the guy posting before you did that ;-)
Comcast has required email to be on port 587 for a while now.
Well your spam made it through, but the response must have been throttled since you didn't get first post. You're a Comcast customer, aren't you?
I went to eat some animal crackers and the box said, "Do not eat if seal is broken." I opened the box and sure enough..
Indeed.
But if you're the ISP you can just say "Hey customers outgoing port 25 is blocked - use authentication and port 587 to send mail".
In general I'm against ISP blocking services, but in the case of spam prevention it's a good choice to make.
(The ideal would be to allow outgoing, but cut people off if they spam. That would punish only the guilty, but I guess they're not so keen on that).
As far as I can tell from this article and a few others that are derived from the same press releases, what VZ is doing here is setting up their own mail servers to use Port 587 submission instead of Port 25. That won't stop zombies or legitimate Linux mail systems from sending mail directly to their recipients' systems, though I'm guessing that they'll get around to blocking Port 25 (sigh) once they've got most of their users migrated to 587.
What this will do is give them authentication, which makes it easier for them to block customers who use VZ's mail servers from spamming, but I'd be surprised if there's much of that happening (though botnets keep evolving their techniques.) It's already possible to reduce that simply by using passwords, or using various hokey port 25 authentication methods like receive-before-send; this cleans up the process a bit.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
those who would give up blahblah ben franklin
In general I'm against monitoring people secretly and continuously; but in the case of cities where children are legally or physically possibly present, it's a good choice to make to stop pedophiles.
Support my political activism on Patreon.
Remove the head, destroy the brain.
Most ISPs already do a fair bit of policing on the users of their mail servers, so this probably won't make a big dent (though botnets keep evolving, and if the scalability works to use ISP mail servers, they'll go back to it.) This basically provides a cleaner, more standardized solution for mail submission and authentication. VZ might block Port 25 later, and getting their users onto 587 makes it easier.
Zombies already do deliver their mail directly using Port 25. They're not generally running Real Sendmail (which is way too big and heavy for what they need) - in general they're running stripped-down mail senders that don't bother checking error messages correctly, which is why greylisting's "Go away and come back in 5 minutes" is enough to discourage lots of them. But lots of ISPs have been jumping on the "Block Port 25" bandwagon (with no apologies to Linux users who run their own sendmail), so maybe the zombies will go back to using ISP mail servers more often.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
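The greylisting behaviour described in the comment above, as an added example that is not part of the thread or any poster's code: a first-seen (client network, sender, recipient) triplet gets a temporary 451 reply, and only a sender that retries after the delay is accepted. The 5-minute delay comes from the comment; the class and function names, the expiry windows, the /24 grouping and the sample addresses are assumptions.

```python
import ipaddress
from dataclasses import dataclass, field

TEMPFAIL = (451, "4.7.1 Greylisted, please retry later")
ACCEPT = (250, "2.0.0 OK")


def _network(client_ip):
    """Collapse the client to its /24 (IPv4) or /64 (IPv6): a real MTA may
    retry from a neighbouring address in the same outbound pool."""
    addr = ipaddress.ip_address(client_ip)
    prefix = 24 if addr.version == 4 else 64
    return str(ipaddress.ip_network(f"{client_ip}/{prefix}", strict=False))


@dataclass
class Greylist:
    min_delay: int = 300             # "come back in 5 minutes"
    retry_window: int = 4 * 3600     # assumption: pending entries expire after 4 h
    pass_lifetime: int = 36 * 86400  # assumption: how long a proven triplet is trusted
    pending: dict = field(default_factory=dict)  # triplet -> first-seen time
    passed: dict = field(default_factory=dict)   # triplet -> last-accepted time

    def check(self, client_ip, mail_from, rcpt_to, now):
        """Return the (code, text) SMTP reply for one RCPT TO at time `now`."""
        key = (_network(client_ip), mail_from.lower(), rcpt_to.lower())

        # Triplet already proved it retries like a real MTA: accept and refresh.
        last_ok = self.passed.get(key)
        if last_ok is not None and now - last_ok <= self.pass_lifetime:
            self.passed[key] = now
            return ACCEPT

        first_seen = self.pending.get(key)
        # Never seen, or the retry came so late that the entry expired: start over.
        if first_seen is None or now - first_seen > self.retry_window:
            self.pending[key] = now
            return TEMPFAIL
        # Retried before the delay elapsed: still a temporary failure.
        if now - first_seen < self.min_delay:
            return TEMPFAIL

        # Retried inside the window after the delay: promote the triplet.
        del self.pending[key]
        self.passed[key] = now
        return ACCEPT


def replay(attempts, greylist=None):
    """Run (time, client_ip, mail_from, rcpt_to) attempts; return reply codes."""
    if greylist is None:
        greylist = Greylist()
    return [greylist.check(ip, s, r, t)[0] for (t, ip, s, r) in attempts]


# Constructed sample traffic (documentation address ranges, made-up senders).
T0 = 1_235_000_000
SAMPLE = [
    (T0,       "192.0.2.10",    "news@example.org", "user@example.net"),  # first contact
    (T0 + 60,  "192.0.2.10",    "news@example.org", "user@example.net"),  # retried too early
    (T0 + 330, "192.0.2.11",    "news@example.org", "user@example.net"),  # retry from pool neighbour
    (T0 + 900, "192.0.2.10",    "news@example.org", "user@example.net"),  # known triplet
    (T0 + 905, "198.51.100.77", "x@example.com",    "user@example.net"),  # sender that never retries
]

if __name__ == "__main__":
    print(replay(SAMPLE))
```

A sender that ignores the 451 and never comes back, like the last sample entry, simply never gets a 250.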
This makes sense for 99.9+% of customers including probably 99.99% of non-business customers. Customers who claim to have a legitimate need for port 25 and who can demonstrate they have the technical and management infrastructure in place to prevent abuse and the liability insurance or proof of financial responsibility should they fail should be allowed to continue using it subject to termination at any time if it is abused. Heck, I might even just settle for proof of financial responsibility, if they had enough insurance to cover damages from the time spamming was discovered until the plug was pulled.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
Yeah, it's possible to do authentication on Port 25, but it's generally hokey and often broke things when people did it, and left passwords in the clear for eavesdroppers - 587 is a cleaner and more standardized solution. I remember having to configure Eudora for receive-before-send when my email provider was trying that approach...
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
Verizon has been an epic sewer network for years, and has ignored their spam problem for years. If they want to clean up now (or make a lame attempt to clean up, as most telcos do), fine. It just means less work for iptables at my end.
For those who are sick of Verizon's bullshit, here's my list (no promises this is complete, but it should have most of em) of Verizon's ip blocks.
Lawyers, MBA's, RIAA? A jedi fears not these things!
In general I'm against monitoring people secretly and continuously; but in the case of cities where children are legally or physically possibly present, it's a good choice to make to stop pedophiles.
... what?
Convert FLACs to a portable format with FlacSquisher
I wish that more software would default to 587 instead of 25. For example, Thunderbird doesn't even mention the possibility of 587 as a "default" port, which really needs to be changed.
In any case, it's good to see the change to 587 become more widespread and hopefully it will eventually become the default port for sending messages (along with encryption + authentication), while 25 will be reserved exclusively for server-to-server communication.
Yes and it is only a matter of time before that changes and evolves.
The reason these alternative ports and blocking works is because most everyone else isn't doing this. When it comes to the point where most people are doing this, new methods will arise.
The first scenario that comes to mind is that the next generation of bot-ware will listen to your outgoing email traffic and learn your password then configure itself to send email based on that information. Then once again, the problem returns. And if *I* can conceive of this, then I *know* spammers have already thought of this. (I am comfortable in the assumption that I have never come up with an original idea.) You can expect this to occur within the next year or so. The drive to these measures are largely based on the size of the target audience after all. (This is the reason Mac OS X is mostly immune to attacks and infection... it isn't yet a big enough target!)
Things will get crazier before they get better.
I like the suggestion that people are somehow lax in security because their mail client remembers their password. Who are these guys who type the password in every 3 minutes when they check their mail?
Everyone knows that damage is done to the soul by bad motion pictures. -Pope Pius XI
As more and more consumer ISPs block outbound connections on port 25, this will only accelerate the development of newer, smarter zombie bots that know how to read the configuration settings of popular email programs (perhaps even the passwords for popular webmail sites stored in your browser's saved password list) and use those settings to send mail.
This will be even more wonderful because all of that spam will now have your name and email address on it.
Tired of FB/Google censorship? Visit UNCENSORED!
I often see anecdotal numbers in the "millions" when people talk about zombie infected boxen. Yet the article quotes Spamhaus.org claiming "225,454" machines on all networks are sending spam. Even if one were to assume that only a quarter of all zombie machines are sending spam at any one given time, that's still only a million boxes that are compromised and sending spam.
What's the deal? Are there really millions and millions of compromised Windows boxes out there in zombie networks? Or are the numbers overblown when matched up against activity logs that monitor traffic from compromised boxes?
But lots of ISPs have been jumping on the "Block Port 25" bandwagon (with no apologies to Linux users who run their own sendmail), so maybe the zombies will go back to using ISP mail servers more often.
Many ISPs will let you use outbound port 25 if you request it. This usually means only responsible users will have the ability.
Also, you can configure sendmail to use port 587 on another server as the relay, so you could still use your own sendmail and relay through the ISP server.
What the fuck are they doing on 587? That's a secondary half-ass port used as a compromise and a low-end workaround for ISPs and network admins who blanket-block port 25. If you're to move away from port 25 (which can easily accept TLS for encrypted authentication or even just encrypted data without authentication), you might as well move to the one that requires both authentication and encryption.
NO responsible network or ISP should use plain-text authorization as the default method. I was astounded when I heard that RCN (et al!) fail to offer HTTPS webmail and POP3S email (if not the vastly superior IMAPS), and that TLS commands get dropped on the floor. This is completely unacceptable.
Verizon and co should not be commended for this trivial step, they should be scolded for not going full-on SSL.
Use my userscript to add story images to Slashdot. There's no going back.
He's saying that losing a little bit of liberty to gain some safety isn't worth it. He did this by cleverly rewording the original poster's statement about email to make it about pedophiles to highlight the fact it's essentially the same issue, simply in a different context.
.there is enough of everything for everyone.
It's already possible to reduce that simply by using passwords, or using various hokey port 25 authentication methods like receive-before-send; this cleans up the process a bit.
There is no requirement for any "hokey" authentication...port 25 for connections from inside an ISP could be routed (netcat, iptables, etc.) straight to where an MTA that allows relaying would be listening. For bonus points, any connection from inside the ISP to port 25 on any machine would end up at the same ISP "internal" MTA.
Meanwhile, connections to port 25 from outside the ISP would be routed to a "normal" MTA that doesn't require authentication and will not relay...it would only accept e-mail for domains local to "isp.com".
You don't even need authentication to make this work...authentication just gives you one more piece of proof where a connection came from.
Writing a program to act like a mail server for the purpose of sending spam would not be difficult. You wouldn't need to implement any kind of backend just the simple mail transfer protocol. Take a look at the RFCs 821 and 2821. The original RFC is 821. It contains most everything you would need to write a mailer. The actual communication is very simple by design.
And for the record some virus and trojans do implement this.
The first scenario that comes to mind is that the next generation of bot-ware will listen to your outgoing email traffic and learn your password then configure itself to send email based on that information. Then once again, the problem returns.
The advantage in this instance is that the ISP can easily identify (because the zombie used the user/pass) who has been zombified and inform the customer to get their machine disinfected.
Don't suggest that.
Transparent proxies are the work of the devil and a long step towards full-blown internet censorship.
Or do you work for a company that sells Great Firewalls to China?
It is a very good idea for reducing spam.
I herd you like emails in your emails, so I put some traffic thru yo traffic.
What hokey port 25 authentication methods? Any authentication methods offered on port 587 can also be offered on port 25. There is nothing magical about "25" that makes strong authentication unpossible. There is nothing magical about "587" that makes it any more secure than "25." You can run an open relay just as easily on port 587 as you can run one on port 25. You can run SMTP-AUTH and TLS on port 25, and permit relaying to authenticated clients that use TLS, while non-authenticated and/or plain-text clients can only send mail destined for your own domains.
Setting aside port 587 for smtp-submit simply makes the firewall rules at the border easier to manage.
Edith Keeler Must Die
In my opinion, the transition to port 587 is nearly pointless. I already use authentication on port 25 to identify customers.
And according to one of the only people I'd trust on SMTP issues, "the SUBMIT specification has several fundamental flaws that make compliance practically impossible. I advise against all use of port 587" -- djb.
- Michael T. Babcock (Yes, I blog)
It is useful because it allows ISPs to block port 25 for customers who do not run their own mail server (the vast majority of them). This makes it impossible for zombied machines to send mail directly, instead having to go through a relay. Open relays are much easier to filter against / get shutdown for abuse, than a whole swath of zombie computers. Mail going through authenticated relays is also easier to monitor for abuse, plus once the mailhosts relaying the authenticated mail are affected by zombie generated SPAM, they then have an incentive to do something about it.
In short it forces zombie SPAM to be channeled through choke points where it can be more easily identified and shutdown.
As for DJB, IIRC, his complaints against SUBMIT were entirely restricted to the fact that it will be yet another case where everyone implements de facto behavior, rather than following the standard to the letter, because the standard has some flaws in the way it is written. I agree that this is annoying for new implementers, as they have to look beyond the standard to "conventional wisdom" to figure out how to be interoperable. But this is true of every single network protocol in existence to varying degrees. I don't think he had any complaints about the idea of authenticated relays happening on a different port than mailhost-to-mailhost delivery. But, I can't find anything more detailed than what you posted so I can't say for sure.
If you want the ISP's MTAs to relay mail sent from internal computers, then this will break TLS over port 25 as the certificates will (by design) be invalid for the ISP's servers.
grr! Spamhaus is a sock puppet for industry forcing little guys running mail servers off the internet.
-- Programming with boost is like building a house with lego. It's a cool but I wouldn't want to live in it
I just reread your link. In it DJB explicitly advises against running authentication on port 25. In fact, for security reasons, he wrote two separate programs, qmail-smtpd and ofmipd, to keep the tasks of relaying authenticated email and accepting mail for local delivery as removed from one another as possible.
He defends the idea of separating these two tasks, not only to separate ports but separate programs, on this thread on the IETF-SUBMIT mailing list.
So, yeah, his complaint against port 587 was simply that if you can't implement the SUBMIT standard correctly (which according to him no one can), you should use a different port than the one specified in that standard. The rest of the world doesn't care, because it sees all the various authentication methods (including SUBMIT) as extensions to SMTP, and not as a different protocol (OFMIP as DJB calls them collectively), and have no qualms running a standard (non-SUBMIT compliant) SMTP server on port 587.
YAY port 587 is a great thing !
but are they going to sign their mail ?
now that would be a good thing so people can not FAKE a @Verizon.net address
google paypal yahoo etc do this
if Verizon did it people would start to respect @Verizon.net
simple if I get a Verizon.net address and it passes the DKIM then I know it came from their domain
but a big WELL DONE ! someone with a clue got this done !
regards
John Jones
I particularly like the scenario where the ISP informs the customer via *email* that they're infected - the email is intercepted by the spam bot, which stops for a while, then sends an email back promising that the system has been cleaned. All of which is much less silly than the fact that certificate authorities exchange plain-text emails with their customers, and are currently so easy to social-engineer that a bot could do it.
Socialism: a lie told by totalitarians and believed by fools.
My ISP (Xnet, in New Zealand) informs the customer by blocking the internet connection and contacting them by phone (I know this as my flatmate managed to get infected at one point). Your described scenario is somewhat hilarious but somewhat scary as it's probably quite plausible depending on the ISP.
(The ideal would be to allow outgoing, but cut people off if they spam. That would punish only the guilty, but I guess they're not so keen on that).
I'd be more content if they said, "You're blocked by default, but contact our support line and we'll open port 25 for you."
But I find it really frustrating when they block port 25. I use two different email services, and both of them require authentication and SSL, but do it via port 25, so I can't use them for outgoing SMTP if that port is blocked. I've had an ISP block port 25 on me, requiring me to use their SMTP server, but then they wouldn't let me use their SMTP server when I wasn't connecting through them. That's a pretty annoying problem, considering I have a laptop and have to manually change SMTP servers whenever I change locations. And even if ISPs let you use their SMTP server from other locations, if they're using port 25 and other ISPs are blocking that port, then you'll still have to manually change your SMTP server whenever you change locations. It's stupid.
I vaguely suspect that there's some kind of attempt here to get you to use your ISP's email address by making everything else not-work, thereby making it more difficult to change ISPs. Or maybe it's just a means to milk extra money by charging a fee for opening port 25. My old ISP charged $15 a month to open ports 25 & 80.
... are intriguing and I wish to subscribe to your newsletter.
music lover since 1969
verizon obviously has some equipment or customers behind their mailservers that do not support starttls. to avoid total breakage i would imagine they will include port forwarding on a few nets as well. moving the ports is...a bandage at best.
Good people go to bed earlier.
That's why you also use encrypted connections. It would be stupid to pass login information over unencrypted connections.
Without access to the SMTP port and the login information, the next route is to tell the default mail programs (Outlook express, Mail.app, etc) to send a mail and let those programs handle it. This is already used by malware, and has been for some time. The reason they've been using straight SMTP is that it's harder for the user to notice, and marginally harder to trace to the sender.
Well, that and the lack of "run any code any idiot puts on a web page" (ActiveX, VBScript) and the whole non-root privileges by default thing.
Verizon pledges to clean up their zombie problem quickly.
That's what they said about Ravenholm, and see what happened!
I can imagine that they would not look at the traffic, but look on your system to what the password of your Outlook Express is.
There are already things that can do that and I would suspect it can be re-written to get the password without you knowing it and then use it to spam the world.
http://www.filetransit.com/files.php?name=Reveal_Outlook_Express_Password
Don't fight for your country, if your country does not fight for you.
Now that's a response that'll shut 'em up. Right comes not only from correct analysis, but also requires a refusal to live in fear! Nice job.
It's only been about five or six years since I wrote a letter to a Verizon executive about email I was receiving from Verizon zombies. I was frustrated by no way of contacting them online and looked up the executive's postal mailing address. I got no response.
Their track record continues. I looked for a way to find out if they will be blocking TCP/25 connections to other ISPs or just to their mail servers, and there seems to be no way to contact a live human being at that company.
"Who controls the past controls the future. Who controls the present controls the past." -- George Orwell
That actually sounds reasonable to me. If you plan to run your own web server you are bound to create extra traffic. You pay for that. And if you think it's too much then rent server space at a web server co. Probably cheaper even.
Home internet connections are not to run servers on. Then you need a business connection. In which case you probably get a fixed IP to boot, saves finding (and paying for) a dynDNS service.
Setting a limit of say 100 mails, no make that 500 mails per day will do the job pretty much as well.
It is a limit that normal users will not reach. OK maybe some send out newsletters, one could consider making the limit a bit flexible on request. Though help desk calls are expensive of course for the ISP.
500 mails per zombie per day I don't think is interesting for a spammer. Now they can do hundreds of thousands in a day per zombie. It would lower the value of botnets for starters. And the user that is infected will have problems sending mail for being over the limit within minutes of switching on his computer - I can't think of a better way to convince people to clean up their act.
Home internet connections are not to run servers on.
What, is that a rule of some kind? I guess home internet connections are just meant for media companies to broadcast out to you, and not for you to participate on the Internet, right? We probably don't need to be able to get good upload rates either, or anything like that. Hell, let's just block all ports, and make traffic completely one-way unless it's traveling through ISP-approved servers.
I would actually be FOR ISPs blocking outbound email (except via their relay) by default, IF there is an easy way to remove the block.
This way Joe Sixpack can't send spam, and won't notice the block in any case, while those who know what they're doing can have the access.
You do not need to run your own server to "participate on the Internet". You do not need to run your own web server to post comments on /. for example. Or to blog on Blogspot. Or to post your videos on Youtube. Just to name a few functions. Besides being geek I can't think of any reason to have to run your own servers as only way to "participate on the Internet".
Oh, right, we should just rely on the benevolence of big media companies to provide forums for us to interact. I'm sure they'll never use our reliance as leverage to get what they want.
What, is that a rule of some kind?
It's a de facto rule for a couple of reasons
- ISPs have structured their networks where download speeds are higher than upload speeds, because that works for 80%+ of their user base.
- They don't want to be bothered with service calls from people trying to run their own servers. If you want that, get a business package with better support for doing things that the large majority of the user base does not do.
- It's about control and revenue. Businesses are willing to pay more for less control, therefore it makes sense from a revenue standpoint to charge more to those who are willing to pay for more.
- Bandwidth is not free. It's getting cheaper every year, but those really big links to other ISPs (or even other sections of the ISP network) are expensive.
Which all boils down to - if you want more service than the other 80% of the population, you're going to have to pay more for it. If you're not willing to pay for it, then it is apparently not important enough for you. (Or your business model is flawed because you're wishing that the world worked differently. In which case you can either get into the ISP business yourself and do it the way that you want to, or shop around for a better ISP.)
Wolde you bothe eate your cake, and have your cake?
Either way, with the use of credentials - you have a way to contact the *right* person. Without authentication, you're taking stabs in the dark which is not worth doing. You can't prove which user caused the issue because all you have is an IP address. (Although the RIAA is trying hard...)
With authentication, it basically boils down to one of two cases:
A) The user's PC is infected, the spambot read their username/password out of a configuration file. In this case, you've identified the correct person to contact and you can, via your TOS contract, require them to take corrective action before reconnecting to your network.
B) The user's authentication credentials have been stolen or shared (almost always against the terms of service). Once again, you have a person that you can contact and tell them to correct the situation. Maybe you block them entirely, maybe you rate limit down to 1 email per hour, or force all their web traffic to go to a notification page. Or you have a CS rep call them and have them change their password. Bottom line, you can prove that the user account was used for actions not within the TOS contract and can then force the other party to take corrective action.
And it's not a black/white corrective situation. You might decide to apply a variety of methods. The initial contact might be via e-mail listed in the customers contact profile. If that doesn't work, an automated phone call might fit the bill. Or progressively worse rate limiting (100 per day down to 1 e-mail per day) until the issue is fixed. Since all of the traffic flows through a single point (the Verizon mail server) and has credentials attached to it, management of the situation is simply a lot easier.
Wolde you bothe eate your cake, and have your cake?
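An added example (not from the thread or from any ISP's tooling) of what the comment above and the earlier "500 mails per day" comment describe: because submissions carry an authenticated account name, a per-account daily quota can be enforced and over-quota accounts sorted into the two cases listed above. The log format, function names, sample accounts and the "one source IP means case A, several means case B" heuristic are assumptions; the log lines are constructed.

```python
import re
from collections import defaultdict

DAILY_LIMIT = 500  # the per-day figure proposed in the thread

# Assumed log format (constructed for this example), one accepted AUTH + message:
#   2009-02-20T10:03:17Z sasl_user=bob client=198.51.100.23 rcpts=1
LINE_RE = re.compile(
    r"^(?P<day>\d{4}-\d{2}-\d{2})T\S+ sasl_user=(?P<user>\S+) "
    r"client=(?P<ip>\S+) rcpts=(?P<n>\d+)$"
)


def enforce_quota(lines, daily_limit=DAILY_LIMIT):
    """Replay submission log lines in order and apply a per-account daily quota.

    Returns {(day, user): report} for every account that hit the quota.
    Counters are keyed by day, so the quota resets at the date change.
    """
    accepted = defaultdict(int)   # (day, user) -> recipients accepted so far
    deferred = defaultdict(int)   # (day, user) -> recipients refused over quota
    sources = defaultdict(set)    # (day, user) -> client IPs using the account

    for line in lines:
        m = LINE_RE.match(line.strip())
        if m is None:
            continue  # not a submission record
        key = (m["day"], m["user"])
        n = int(m["n"])
        sources[key].add(m["ip"])
        if accepted[key] + n > daily_limit:
            deferred[key] += n    # would be answered with a 4xx at SMTP time
        else:
            accepted[key] += n

    report = {}
    for key, refused in deferred.items():
        ips = sorted(sources[key])
        report[key] = {
            "accepted": accepted[key],
            "deferred": refused,
            "client_ips": ips,
            # Heuristic (assumption): a single source address suggests the
            # customer's own infected PC; several suggest shared/stolen credentials.
            "likely_case": "A: infected PC" if len(ips) == 1
                           else "B: stolen or shared credentials",
        }
    return report


def sample_log():
    """Constructed sample: one normal user and two over-quota accounts."""
    day = "2009-02-20"
    lines = [f"{day}T09:1{i}:00Z sasl_user=alice client=198.51.100.7 rcpts=1"
             for i in range(3)]
    lines += [f"{day}T10:{i // 60:02d}:{i % 60:02d}Z sasl_user=bob "
              f"client=198.51.100.23 rcpts=1" for i in range(600)]
    lines += [f"{day}T11:{i // 60:02d}:{i % 60:02d}Z sasl_user=carol "
              f"client=203.0.113.{1 + i % 3} rcpts=1" for i in range(700)]
    return lines


if __name__ == "__main__":
    for (day, user), info in enforce_quota(sample_log()).items():
        print(day, user, info)
```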
That actually sounds reasonable to me. If you plan to run your own web server you are bound to create extra traffic.
Which then reduces the bandwidth I have available to do other things. Why should an ISP care if I'm using 50 kbps for a web server and 50 kbps for porn instead of 100 kbps for porn?
It's about control and revenue.
That's the only part that you really got right. It's an issue of marketing. They know that they can give crappy service to most people, and most people won't notice. So they do that, and then if you want decent service, they hold you hostage for a higher price-- not necessarily because it costs them any more, but because they can. If they could get away with charging you $10/byte, they would. If these companies could turn the Internet into a broadcasting system where they controlled what you saw, they would.
It's an issue of what they can get away with, and nothing else.
Given the convergence of phone and data traffic, I wonder how long it will be before the malware bot answers the phone when you call the TOS contact. A bot would hardly be weirder than some of the customers that ISP tech support has to deal with. :)
Socialism: a lie told by totalitarians and believed by fools.
Don't worry, modern deep inspection can do almost anything that a transparent proxy can do, and it's generally harder to detect.
Finally! A year of moderation! Ready for 2019?
DKIM is helpful in some cases but not too many.
The real solution to spam is individual sender signatures, because:
* A mail server (ISP or IT or self owned) can never accurately decide what is SPAM for the recipient.
* Signed e-mail allows the recipient to filter accordingly
* Unknown senders can be assigned a trust score based on the network of trust and filtered accordingly
* Keys can be bought from commercial vendors, but they don't have to
* Mail lists can re-sign a message, so no forwarding problems there, just a bit of computation.
Do you sign your e-mail? Start today and make the world better. Once the signature is universal, even the ISP get rid of the 80% + useless SPAM, because it will be not profitable anymore. If the ISPs want to do something about it, give signature keys to your customers or sign the e-mail automatically with the customers key (by default).
Busy helping non technical users of OpenOffice.org - http://plan-b-for-openoffice.org/
Modded "overrated"? Why is that?
-dZ.
Carol vs. Ghost
An internet connection is a pipe to the open internet, nothing more, nothing less. You are paying for the following bandwidth at the following conditions, and that's that. They can't tell you what to do with what you bought. How'd you feel if the electricity company bans running a computer load higher than 500 W. Besides being a geek, I can't think of any reason to run more than 500 W worth of computers.
Linux is for those who hate windows, *BSD is for those who love UNIX, Plan 9 is for practical folks like me.