Slashdot Mirror


User: Keeper

Keeper's activity in the archive.

Stories: 0
Comments: 2,480

Comments · 2,480

  1. Re:Microsoft doesn't know how the source was relea on FBI on the Windows Source Code Theft · · Score: 3, Interesting

    They do know where the source was taken from. Files in the archive being passed around indicated that the computer was owned by an exec at Mainsoft. And, in a nice ironic twist, the computer was a linux box ...

    http://www.eweek.com/article2/0,4149,1526831,00.asp

  2. Re:The Immaculate Transmission on FBI on the Windows Source Code Theft · · Score: 2, Informative

    The source was taken from a computer owned (at least at one point) by Mainsoft.

  3. Re:Does TCO include the cost of virus attack ?? on Energy Company Refutes Windows TCO Claims · · Score: 1

    Mount the /home partition 'noexec'. That's something Windows definitely CAN'T do..

    Actually, you have finer grained control in Windows (if you use NTFS) by using the Read & Execute permission...

  4. Re:Does TCO include the cost of virus attack ?? on Energy Company Refutes Windows TCO Claims · · Score: 1

    while i agree that creating a separate account just for mail is extreme, your examples don't really compare (except probably the word processor one). Those other applications are not a concern for virus propagation.

    If you assume that your mail software has exploitable problems, and your document editor has exploitable problems, it is reasonable to assume that all software has exploitable problems. I was just illustrating that sandboxing an application under a unique user account was silly, and merely masks the underlying problem.

    i'm pretty sure that if you mount the filesystem noexec, chmod will not give you executable permissions on files on that filesystem. I agree that people will do stupid things and no amount of engineering can stop that. But i don't think this piece of social engineering would work on a noexec filesystem.
    Tangentially related (and solely my opinion), i think the windows ui encourages people to do stupid things.


    Just because the tools are there to prevent the problem doesn't mean they will be used. No home user will use a system where they can't run a program of their choice (which you seem to acknowledge).

    The problem is that the secure way isn't convenient. Users like convenient. Where possible, they will disable security features when they believe they're smarter than the computer. Security has to be done seamlessly (ie: not get in the user's way), which is one of the goals of the 'trusted computing initiative' (aside from all of the paranoia you read about it around here).

    The UI doesn't cause people to do stupid things ... that may have been true 5 years ago before anyone came up with email-worms. But definitely not today. People just ignore the warnings and click ok.

    I didn't say there were no active scripting exploits in linux mail clients. i said there is no active scripting to exploit. I included the "most" because i'm not personally familiar with all mail clients that exist for linux and expect there's probably one out there that does have an active scripting language in it.

    Gotcha. I misread your original statement. However, you don't need to have active scripting in your mail client to have a flaw present which allows arbitrary code to run. A flaw could exist in HTML rendering code, MIME decoding, the code which displays the subject line, etc...

    the point wasn't that you can prevent damage from happening at all. the point was that you can minimize the damage in a way that is significant to the user. The user doesn't have to be fucked because he doesn't have to lose all his data; and that makes it better.

    The same solutions that you describe can be implemented on a Windows system with the tools currently available. Nobody does it, because it's a pain in the ass for the user.

  5. Re:Does TCO include the cost of virus attack ?? on Energy Company Refutes Windows TCO Claims · · Score: 1

    Besides, if you're really worried about it, you can create two accounts; a work account and a mail account. Then crap in your inbox cannot nuke your work.

    Sure, while we're at it, let's create separate accounts for the word processor, gimp, the application you use to transfer pictures from your digital camera ...

    Alternatively, you can set up a cron job to do nightly backups so a virus hosing your home directory only trashes work done since midnight the night before.

    The problem still remains -- damage is done.

    well, the aforementioned noexec would stop them in their tracks.

    So a 'well written' worm will contain the text:

    "Hey, check out this cool new game...you'll have to run 'chmod 755' on the file after saving it before you can run it." The problem still exists. In fact, with all of the stupid things people email each other your user will already be conditioned that such an operation is a normal thing to do. The fact that your mail client has a poor UI doesn't mean it isn't a problem.

    On top of that, there's no active scripting to exploit in most linux mail clients.

    There's no KNOWN active scripting exploit. And there's that "most" word ...

    Other user accounts are easily protected from having their address books read by these kinds of worms

    It doesn't matter about the other users. The ability to get one user's address book means that the worm will probably end up being sent to your other users.

  6. Re:Does TCO include the cost of virus attack ?? on Energy Company Refutes Windows TCO Claims · · Score: 1

    Limited in the sense that the user can lose all of their data, but the system still boots. The user is still fucked, because they lost all their data. Somehow, that doesn't really seem any better to me.

    Additionally, all of the worms that depend on the user launching them on windows could do an equal amount of 'damage' in the unix world. No special permissions are required for them to do their thing.

  7. Re:And allegedly... on Smog Busting Paint Breaks Down Noxious Gasses · · Score: 1

    Try stopping on gravel or sand with an ABS system. On ice ABS is on equal footing (or lack thereof) with conventional disk brakes. They can be a pain in the ass to dry off if you drive through a puddle.

    How many gravel or sand roads does the average person drive on? On which the speed limit is greater than 15mph? AND in an environment where urgent stops are required on a frequent basis? (ie: not a farm road or driveway).

    I will concede the point that ABS performs worse in straight line conditions where the static coefficient of friction is greater than the initial coefficient of friction. However, the instant you need to turn while stopping ABS takes the crown again.

    I'm not quite sure what your last sentence is trying to say.

    Say what you will about race car drivers, every trip I take out on the road I'm tailgated by some dumbass who thinks his anti-lock brakes give him instant stopping power.

    I doubt that ABS is the reason the dumbass is tailgating you. I think it's because the dumbass is, well, a dumbass. ABS is pretty much standard equipment on new cars sold these days (at least around the $20k pricepoint; less likely to find on an econo car), so it isn't a huge surprise that a large portion of idiot drivers have ABS brakes.

    I think your anger would be better directed at the poor drivers, instead of safety features.

  8. Re:Windows XP is already crippled on Microsoft Develops XP 'Light' for Thailand · · Score: 1

    XP gives you 30 days to activate, after which it still functions in a somewhat crippled state.

  9. Re:Windows XP is already crippled on Microsoft Develops XP 'Light' for Thailand · · Score: 1

    Even if they did, your old copy of XP would still function and allow you to access that 5 or 10 year old data.

  10. Re:Possible differences on Microsoft Develops XP 'Light' for Thailand · · Score: 1

    with xp home you leave your shares open to the entire network or you don't share them at all

    ...and for a home network, that's a problem WHY?

  11. Re:Windows XP is already crippled on Microsoft Develops XP 'Light' for Thailand · · Score: 1

    Every sentence in your post is incorrect.

    Any version of XP a consumer can legally get is already crippled beyond use.

    ...and people buy it and use it because it doesn't work...

    It has a huge bug called "product activation" which means you can not reinstall the product you supposedly bought without Microsoft's permission.

    Product activation isn't a "bug". A bug would be code that behaved contrary to the programmer's design, and I would submit that the product activation code was intentionally created and is working very much the way Microsoft intended.

    It also does not mean you must get "permission" to reinstall. You can reinstall the product as much as you like. If you reinstall it on new hardware within a few months of your original install, you have to make a 2 minute phone call.

    (which I'm sure is a huge problem for most people, as the average person buys a new computer every week ... oh, wait, it's more on the order of years).

    This renders the product completely useless because you won't be able to re-install it in 5 or 10 years to access old data, or if somehow newer MS code is even worse.

    See last statement.

  12. Re:JPEG comment on Microsoft's Search Engine Plans · · Score: 1

    Great. Now how is it stored in Tiffs? In Gifs? In Pings? In a graphics format that debuts in 2 years? In a raw image format only supported by your particular digital camera? In text files?

    Metadata isn't something designed to be stored in the file format, it is data you associate with the file itself.

  13. Re:Just organize your photos? on Microsoft's Search Engine Plans · · Score: 1

    Actually, you're making the user work around the limitations of the file system.

    You are forcing the user to manually create a structure, and manually organize that structure. And you hope that no mistakes are made in that process.

    And it doesn't solve other problems, such as finding wedding photos with bob and mark in them. Being able to create a "query" and have a directory structure appear in front of you based on that query is a very neat idea.

  14. Re:Which wedding? on Microsoft's Search Engine Plans · · Score: 1

    So now how do you go and find pictures from the wedding that Joe was in? (Let's say that Joe was the best man)

  15. Re:I'm impressed on Microsoft's Search Engine Plans · · Score: 1

    Manually adding metadata to each of your 200+ wedding pictures looks so smarter than just creating an old fashioned directory "wedding pics" and moving them into it ...

    ...because we all know that you'd have to add the metadata to each file individually (as opposed to, say, selecting a group of files and adding the same piece of metadata to them all at the same time...).

  16. Re:And allegedly... on Smog Busting Paint Breaks Down Noxious Gasses · · Score: 1

    What would those new problems be? And under what extremes are ABS equipped cars useless? I certainly haven't noticed any new problems, nor have I found my car to be ill equipped in snowy & icy conditions.

    You forget that the average driver isn't a race car driver. They don't know how to threshold brake.

    Hell, there was a car magazine article I read awhile back that had 6 pro drivers try to stop a car in a shorter distance than ABS could -- only one was able to do so. Only 1 out of 6 pro drivers was able to do better than ABS under ideal conditions. If pro drivers can't best ABS, how do you expect an average driver to do?

    The average driver, under the best conditions (ie: they don't panic) is going to pump the brake pedal. ABS does this, except faster & better, as a good abs system can pump the "pedal" on each tire independently (depends on how many channels the system has; there are 1, 2, and 4 channel abs systems).

    The average driver, under non-ideal conditions (ie: they panic) is going to push the brake pedal to the floor. This means the car is going to slide in a straight line. Or worse, they'll break the back end loose and start to spin. The older the car and more worn the brakes are, the more likely the latter will happen.

    ABS does its job very well. Statistics back that claim. Every now and then, race car driver wannabes like you proclaim that it doesn't without any proof to back it up, other than "it can't beat threshold braking".

  17. Re:And allegedly... on Smog Busting Paint Breaks Down Noxious Gasses · · Score: 1

    Brakes don't help period when a car goes into a spin. You end up shifting weight off of the rear tires, which reduces traction further, which increases the rate of spin, which pretty much kills any chance of recovering control of the vehicle.

  18. Re:Radar? Better, cheaper, lo-tech solution. on Radar For Safer Driving · · Score: 1

    If you set 'em up right, there ARE NO blindspots.

    That depends on the vehicle you're driving and the vehicle that is next to you.

    My particular car has a 1-2' gap on both sides of the mirror that a mid sized car can hide in. If the car is something near the size of a geo metro, that gap is considerably larger.

  19. Re:This would be entirely unnecessary... on Radar For Safer Driving · · Score: 1

    While this can eliminate most of the blind spot, it is still possible to have a blind spot.

    With my particular car, there is a two foot gap that an average sized car can hide in such that it will not be visible from the rear view mirror or the side mirror.

    There is another one foot gap that a car can hide in where I won't see it out of the corner of my eye or the side mirror.

    The gaps are small, and it isn't often that a car will be in that gap, but it does happen on occasion.

    Your tracking scheme also assumes that the people around you will be driving in a sane manner (the faster a car is moving, the less likely you will notice it approaching via your mirrors), and that cars multiple lanes to your right or left will not change lanes.

    Moral of the story: always do a headcheck.

  20. Re:What about Windows 9x? on Microsoft Security Patch Fixes URL Security Flaw · · Score: 1

    Windows update has a patch for Win9x platforms.

  21. Re:Go Google Go on A Look at Microsoft's Regulatory Problems · · Score: 1

    Google is currently in the process of screwing up. The quality of their search results has decreased dramatically over the last year.

    A good example would be searching for information about a specific product -- say a dvd player, or a computer monitor. All you get are links to sites that aggregate links to places that sell the product.

  22. Re:Adios, Disney on Pixar Drops Disney To Find a New Studio Partner · · Score: 1

    I think they're following Capcom's lead ... (think Street Fighter)

  23. Re:I forsee a problem on AOL Tests Sender Permitted From / E-mail Caller ID · · Score: 1

    1) It may be their decision, but it is a poor one. They already have to open their network to outside computers in order to allow for the delivery of email.
    2) If my mother (being the most computer illiterate person you will ever encounter) can figure it out, your friends should be able to as well. If they don't understand it, educate them.

    Alternative solutions:

    Step 1) Register your own domain name. Since you won't be doing much with it, you can probably let your registrar be your primary DNS provider; alternatively, other companies (ex: dyndns.org) also provide primary dns services. Setting up your own dns server with the right records is a royal pita, and it is generally a good idea to have an off site server hosting it anyway, so I don't recommend going that route.

    Step 2a) Have your ISP host your domain name (usually you can get them to just host mail for a fairly inexpensive cost).
    Step 3a) Add an SPF record for your domain authorizing your ISP's SMTP servers to send email for your domain.

    Step 2b) Set up a firewall/router (a linksys router, or a linux firewall distro running on cheap hardware)
    Step 3b) Set up a cheap linux box that lives behind the firewall
    Step 4b) Install/configure qmail on your linux box
    Step 5b) Have your firewall forward incoming traffic on port 25 to your cheap linux box running qmail.
    Step 6b) Set up some sort of pop3 server on your linux box running qmail; you can forward pop3 traffic to your box if you want, but I never check mail from outside of home so I don't bother.
    Step 7b) Set up a dynamic dns service at dyndns.org. Resolution for changes is on the order of hours for the 'static' (changes less than once a month) service.
    Step 8b) Set up an MX record pointing to the domain you registered at dyndns.org, which will point to your (changing) IP.
    Step 9b) Add an SPF record for your domain authorizing your ISP's SMTP servers to send email for your domain, if you intend to send email via your ISP's SMTP server.
    Step 10b) Add an SPF record for your local mail server, if you intend to send email using your own SMTP server.

    There are many other ways you can actually go about doing this, and several which are more sophisticated; but if you can get either of those two to work, you should be able to figure out what else you'd like to do as well.

  24. Re:Say what you will about MS... on Microsoft Agrees Settlement Over MikeRoweSoft.com · · Score: 1

    He claimed he was trying to start a software business. He also stated publicly that he registered it because it sounded like "microsoft." While on paper you wouldn't confuse the two, microsoft and mikerowesoft are phonetically identical. While you may not agree with it, the argument can be made that the phonetic similarity between microsoft and mikerowesoft would be enough to constitute trademark infringement.

    MS may not have won such a trademark case -- that's not the point. Hell, they probably wouldn't care. The point is that an argument CAN be made for trademark infringement. Unless you vigilantly defend your trademark, someone else can come along, point at the one time you ignored it, and can claim that the term has become generic.

    You won't see anyone branding linux "Microsoft Linux" today, because MS still holds the trademark. Once the term "Microsoft" becomes generic, there is no more trademark, and such a title is fair game. Which is the whole point.

  25. Re:I forsee a problem on AOL Tests Sender Permitted From / E-mail Caller ID · · Score: 1

    The dialup ISP that controls my email address requires one to be on an IP address that is controlled by them in order to send mail through their SMTP server.

    Simply using the "Reply-To" field isn't really an option for reasons that have been explained by someone else in this thread.

    So your arguments are:
    1) Your ISP is stuck in the stone age and doesn't have a server capable of SMTP auth.
    2) Your friends are too stupid to figure out what Reply-To means.

    Why not? It *IS* my real email address after all.. the only reason it even might appear to be spoofed at all is because my broadband's domain is different from our previous ISP that my wife and I have kept our email accounts on.

    Sure, YOU know that. How do *I* know that? That's the whole point. I don't. If I did know that the party sending email on your behalf was authorized to do so, vs a party NOT authorized to do so, it would be a HUGE win against spam. SPF is THE absolute best idea I've seen to combat the problem.

    The solution to your 'problems' is to convince your ISP to get their act together. Use a proper SMTP server which supports SMTP auth, and allow their customers to send email from IPs outside their network using SMTP auth. The standard is frick'in 5 years old now, there isn't any excuse to not support it.