But if you can't send mail direct
from your machine to someone else's MX without using your ISP's mailserver, as is the case in
your
complaint, that's not MAPS' doing. It's either your ISP's decision, or the decision of the receiving system that they don't want mail direct from dial-ups.
Are you telling me you can't add
define(`SMART_HOST', smtp:my.isps.mail.host)
to your sendmail.mc file, that that's too inconvenient?
In any case, take it up with the receiving system
admin, not MAPS. MAPS simply provides a handy
list of dialup IP ranges.
A common misconception is that the anti-spam camp
abuses the spammers right back.
While I can't say that never happens, more frequently it's showing the ISP the spam, and the
section of THEIR OWN Acceptable Use Policy that's
been violated, and asking them to remove the spammer's account.
Or simply denying them service (hosts.deny, anyone?).
Or educating the admins of open relays on how to secure them. If half of the open relays get secured, then the spam load on the remaining half
doubles. It's self-punishing to be a moron.
Unfortunately, the Times story neglected to point
out that there is a Usenet newsgroup dedicated to
this topic, frequented by many of the administrators mentioned in the article, and some
of the people from MAPS.
And they're only too happy to discuss the same
kinds of ideas being posted here, and help turn
you into an amateur anti-spam guerilla.
I'm no crypto genius, but I've thought about this before.
Wouldn't it be simpler if you could just confirm every transaction with a secret only the cardholder knows? What I mean is, If I find a card, or preferably someones whole wallet, lying on the street, I can use it on the net, no problem.
Unless I had to put in a PIN that wasn't written on the card. I'm amazed that all the information you need to use a card is contained ON the card.
The way I see it, you would have some kind of instant messaging account set up beforehand, and the CC company would have it on file. So every time you entered your card info to make a sale, the merchant would send the request to the CC co. for approval. Before giving that approval, the CC co. would IM you and ask for your PIN. Hopefully the PIN request would be by some out-of-band method (i.e. not via the merchant) pre-agreed on by you and the CC co.
That way, the merchant would never get your secret (PIN, mother's maiden name, whatever) and couldn't record it in a database. And a criminal wouldn't KNOW the secret, and couldn't use your card.
How this would work in a physical STORE, away from home, would take someone smarter than me to figure out.:)
The Navy's isn't much better.
I work in nuclear power for then navy. I not only can't quit when I get a better job offer, but when I can finally quit...
Everything I know about nuclear power that the Navy taught me (whether I already knew it or not, since the Navy taught me again, it counts) is classified, either Confidential or NOFORN.
So I can't prove I know anything, since I can't reveal classified information.
Note: in practice this isn't as bad as it sounds, since commercial companies know Navy nukes know their stuff. And the common sense rule apparently applies. Still though..
Slashdot Mirror
Yeah, that MAPS.
But if you can't send mail direct from your machine to someone else's MX without using your ISP's mailserver, as is the case in your complaint, that's not MAPS' doing. It's either your ISP's decision, or the decision of the receiving system that they don't want mail direct from dial-ups.
Are you telling me you can't add
define(`SMART_HOST', smtp:my.isps.mail.host)
to your sendmail.mc file, that that's too inconvenient?
In any case, take it up with the receiving system admin, not MAPS. MAPS simply provides a handy list of dialup IP ranges.
A common misconception is that the anti-spam camp abuses the spammers right back.
While I can't say that never happens, more frequently it's showing the ISP the spam, and the section of THEIR OWN Acceptable Use Policy that's been violated, and asking them to remove the spammer's account.
Or simply denying them service (hosts.deny, anyone?).
Or educating the admins of open relays on how to secure them. If half of the open relays get secured, then the spam load on the remaining half doubles. It's self-punishing to be a moron.
This seems to be a popular topic.
Unfortunately, the Times story neglected to point out that there is a Usenet newsgroup dedicated to this topic, frequented by many of the administrators mentioned in the article, and some of the people from MAPS.
And they're only too happy to discuss the same kinds of ideas being posted here, and help turn you into an amateur anti-spam guerilla.
That newsgroup is news.admin.net-abuse.email
</plug>
Wouldn't it be simpler if you could just confirm every transaction with a secret only the cardholder knows? What I mean is, If I find a card, or preferably someones whole wallet, lying on the street, I can use it on the net, no problem.
Unless I had to put in a PIN that wasn't written on the card. I'm amazed that all the information you need to use a card is contained ON the card.
The way I see it, you would have some kind of instant messaging account set up beforehand, and the CC company would have it on file. So every time you entered your card info to make a sale, the merchant would send the request to the CC co. for approval. Before giving that approval, the CC co. would IM you and ask for your PIN. Hopefully the PIN request would be by some out-of-band method (i.e. not via the merchant) pre-agreed on by you and the CC co.
That way, the merchant would never get your secret (PIN, mother's maiden name, whatever) and couldn't record it in a database. And a criminal wouldn't KNOW the secret, and couldn't use your card.
How this would work in a physical STORE, away from home, would take someone smarter than me to figure out. :)
Just a thought.
The Navy's isn't much better. I work in nuclear power for then navy. I not only can't quit when I get a better job offer, but when I can finally quit... Everything I know about nuclear power that the Navy taught me (whether I already knew it or not, since the Navy taught me again, it counts) is classified, either Confidential or NOFORN. So I can't prove I know anything, since I can't reveal classified information. Note: in practice this isn't as bad as it sounds, since commercial companies know Navy nukes know their stuff. And the common sense rule apparently applies. Still though..