Re:Plasma is for sucks. DLP is the way to go. on CES 2004 Coverage · Score: 1
Just a random note, it does not make people "nauseous", it makes them "nauseated." Nauseous describes the thing that is causing the discomfort, nauseated refers to the state of being affected by that thing. When you say "I'm feeling nauseous" you're saying "I feel that I am causing other people to want to vomit." If you say "I'm nauseated" that means you feel like vomiting.
Yes, I'm fully aware that it's not a black and white issue and some code can be made more readable with gotos. However, are you really going to argue that the following code is made significantly more elegant with the goto there? That if I handed this in for my cs101 assignment it wouldn't receive some criticism? Did I mention that the exact same generic label ('_error_') is used as the destination of more gotos elsewhere in the same file? (note also the extraneous and confusing {}'s after the second if statement)
    if (RegQueryValueEx(hKey, strValName, NULL, &dwType, (LPBYTE)(&ret), &dwCount) != ERROR_SUCCESS)
        goto _error_;
    {
        if (dwType != REG_DWORD)
            goto _error_;
    }
    RegCloseKey(hKey);
    return TRUE;
_error_:
    if (hKey)
        RegCloseKey(hKey);
    return FALSE;
}
Yeah no shit, you'd expect better code from "Security researchers." This thing is ripe with bad code (it's sprinkled with gotos for error handling) as well as at least one probably exploitable buffer overflow. Observe: here is a bit of the code for the main URL checking routine: ('dest' holds the URL in question and can be up to 256 chars long)
Notice the parts in bold. Is it not apparent that 'surl' can easily be overflowed if strlen(sFake) + strlen(sTrue) + strlen("http://www.openwares.org/cgi-bin/exploit.cgi?") exceeds 256. This is really sloppy code.
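An added example, not code from the comment above or from the tool it criticizes: one bounded way to assemble the redirect URL so that an over-long input is rejected rather than written past a 256-byte 'surl'. The names surl, sFake and sTrue and the URL prefix come from the comment; the function names, the argument order and the '&' separator placement are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SURL_SIZE 256 /* size of 'surl' given in the comment */
#define WARN_PREFIX "http://www.openwares.org/cgi-bin/exploit.cgi?"

/* Bytes needed for WARN_PREFIX + sTrue + '&' + sFake + NUL.
 * Returns 0 if an argument is NULL or the sum would wrap size_t. */
size_t warning_url_size(const char *sTrue, const char *sFake)
{
    size_t need = sizeof(WARN_PREFIX) + 1; /* prefix, its NUL, and '&' */
    size_t t, f;

    if (sTrue == NULL || sFake == NULL)
        return 0;
    t = strlen(sTrue);
    f = strlen(sFake);
    if (t > SIZE_MAX - need)
        return 0;
    need += t;
    if (f > SIZE_MAX - need)
        return 0;
    return need + f;
}

/* Build the URL into surl. Returns 0 on success; on any failure returns -1
 * and leaves surl as an empty string, so nothing partial gets used. */
int build_warning_url(char *surl, size_t surl_size,
                      const char *sTrue, const char *sFake)
{
    size_t need, t, f;
    char *p = surl;

    if (surl == NULL || surl_size == 0)
        return -1;
    surl[0] = '\0';
    need = warning_url_size(sTrue, sFake);
    if (need == 0 || need > surl_size)
        return -1; /* reject instead of truncating or overflowing */

    t = strlen(sTrue);
    f = strlen(sFake);
    memcpy(p, WARN_PREFIX, sizeof(WARN_PREFIX) - 1);
    p += sizeof(WARN_PREFIX) - 1;
    memcpy(p, sTrue, t);
    p += t;
    *p++ = '&';
    memcpy(p, sFake, f + 1); /* copies the terminating NUL too */
    return 0;
}

int main(void)
{
    char surl[SURL_SIZE];
    char longfake[300];

    /* Constructed inputs, not taken from the original tool. */
    if (build_warning_url(surl, sizeof surl, "real.com", "http://fake.com") == 0)
        printf("ok: %s\n", surl);

    memset(longfake, 'A', sizeof longfake - 1);
    longfake[sizeof longfake - 1] = '\0';
    if (build_warning_url(surl, sizeof surl, "real.com", longfake) != 0)
        printf("rejected: needs %zu bytes, buffer holds %d\n",
               warning_url_size("real.com", longfake), SURL_SIZE);
    return 0;
}
```

The length is computed before any byte is copied, so the three-term sum the comment points at is checked explicitly instead of being left to unbounded string copies.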
Your "grand scheme" has some serious flaws.
1. You mention in your other post that "There would be absolutely no point in spammers taking over people's machines with viruses in order to send email if email must be sent through a qualified mail server." This is flat-out wrong. If I want to send spam under your scheme, here's what I do:
- Register a domain name for $5
- Create a public/private keypair, and place the public key on the MX for that domain so that it's available for verification
- Sign the spam once with the private key
- Use my legion of compromised machines to deliver that signed spam
Your error is in assuming that the signing must occur at the mail server. I can sign the message at any point, presuming I have the private key, and then inject it into the system by any means I choose. If you are in possession of the private key then adding a valid signature is just as trivial as forging a header. Regardless of how it was sent, when the recipient goes to check the signature it will pass since the public key on record for the domain matches the private key I used to sign all my spam.
2. It puts a tremendous load on the MX servers for each domain. Under your scheme, a MX must be contacted for EVERY mail received from that domain. Do you really think Yahoo wants to support the load of a separate key-request every time a mail from yahoo.com is moved from one SMTP host to another? You can somewhat abate this by just putting the key in DNS, so that it can be efficiently cached.
3. It breaks the ability to send mail unless you relay through the corporate/official mail server. This is also a fault of SPF. There are a lot of people that legitimately want to send email as "foo@example.com" without having to use example.com's mail relay. For example, the example.com CIO is on the road with his laptop and wants to send mail. Now every organization out there must configure some form of authentication for their smarthost so that anyone that needs to send mail and is not within the firewall can do so. Some might argue that this is a good thing (and I tend to agree), but regardless of your feelings in that regard it's a HUGE change that will break many, many setups, and will piss off a lot of people. For example, home broadband users will be forced to relay through their ISP's mail server -- some of which don't support sending mail for any domain other than the ISP's domain. Now those people can't send mail at all, period. So for example, they can't read work email at home and reply, because the ISP won't let them relay and the work network doesn't support SMTP authentication outside of the firewall.
4. It means that all of an organization's mail must be sent through a central choke-point. Since everything has to be signed using the domain's key, it means that either you have to distribute this precious private key to every host that wants to send mail (thus risking its compromise) or it means you have to set up a large, beefy cluster that can handle the entire volume of your organization's outgoing mail. Large organizations don't like anything that adds such a central point of failure and that requires more resources than previously. Remember that cryptographic operations such as message signing are not trivial in terms of CPU or resources.
5. So, finally, after all of these significant changes and major breakage, what does it provide? Well it means that spammers now have to register a $5 domain for each spam-run. At the end of the day all that's guaranteed is that the message originated from someone who has control over the domain that it purports to be from. Sure, you can blacklist the domain once it's found that it's a spammer domain, but they can just buy another. Remember, one domain is sufficient for an entire run (millions of messages) so it's not like they'd have to pay per-message. Domains are cheap and can be registered in bulk. It would be an inconvenience to them, but hardly a significant one.
Summary: I don't think th
Oh fucking please. That is 100% bullshit.
The SPEWS administrators are a group of people that are fed up with spam. They are tired of the bullshit. They are regular sysadmins that have tried all the conventional methods and found that they don't work. Therefore they start blocking when spam comes from a netblock, and expand that block when the ISP does not boot the spammers. Yes, this includes listing innocent third parties. That's by design. But if you live in a crackhouse you have to expect to deal with scumbags and the fallout of choosing a scumbag for an ISP.
SPEWS itself doesn't block anything. If you don't agree with them, then by all means don't use their list. If your mail is blocked by someone that's using SPEWS, then you need to contact that person and tell them that their decision to use SPEWS is causing false positives. But that's between you and your recipient, it has nothing to do with SPEWS.
The people behind SPEWS have every right to publish lists of netspace that they feel are spam-friendly. You have every right to disagree with them and choose to ignore them. No one is forcing you to use SPEWS. Drop the fucking "Oooohhh nooo, they're not faiiiirrrr! Waaaaa!" bullshit. They aren't blocking shit. The people that choose to use their list are, and your beef is with them, not SPEWS.
Yeah, because all that ftp traffic on a nonstandard port doesn't show up in their mrtg output. Bandwidth only counts when it's on known standard ports, otherwise the bandwidth fairies carry those bits, which means that it doesn't cost the ISP anything...
Come on dude, a byte is a byte, it matters not what port it's on in terms of how much it costs the ISP.
(okay, so that sounded like flamebait, I didn't mean to be an ass about it.)
Yes, that's a ridiculous idea. How exactly would you implement it? What it amounts to is an instruction for a remote machine to delete a file. Yeah, like that's not a security risk. What's to prevent some troll from canceling every post to a mailing list? (In Usenet they have an elaborate and arcane system that revives canceled posts and cancels actual spam; it barely works, and Usenet is MUCH more controlled and tightly administered than email.) Plus, what if I mark my mail folder read-only? Is the program supposed to override me? Surely someone will author a mail program that ignores all cancel requests. I mean, if someone is trying to retract something, it's probably juicy right? And from the moment that it is ignored it ceases to be useful. Besides, what if I back up my mail folder? Is it supposed to hunt down every copy of the email?
The only way it's possible is with a central email store and trusted/authenticated user logins. Which is what Exchange provides. Which is why it's possible there. It's impossible (or at least, useless) otherwise.
Well next time you'll just have to watch out for anything on boners.com, I'm afraid the entire site is like that. (And it's not that gross...)
Slashdot editors have had this happen to them! That is why they we have repeat stories, sometimes one right after the other!
Yes, that is PRECISELY what I'm saying, and it has nothing to do with the quality (or lack thereof) of the wireless hardware. SSH, IPSEC, et al. work based on sound cryptography. They are designed such that it doesn't matter whether the attacker can see the entire message conversation between A and B. The link is still secure. The security doesn't come from the wireless hardware, it comes from the fact that you drop all packets except those that pass through a ssh tunnel, which itself is secured by public-key authentication. If you're somehow saying that you know of a backdoor in SSH that makes it vulnerable to a man-in-the-middle attack then you'd certainly be smarter than the dozens of cryptologists who have studied this for years and years.
Oh please. Your "report" mentions MAC filtering and WEP. Sure, if those are the only things that you know about then sure wireless is going to always be insecure. But, duh, there are tons of other methods to positively secure your wireless network. Such as: a SSH tunnel, IPSEC, VPNs, etc. Get a clue please before you denounce wireless as "insecurable."
I don't see why you'd need any fancy AI or genetic algorithms to mimic the slashdot submitters. Most of them just copy+paste the first two or three sentences of the article, without adding anything. That could easily be replaced by a perl script in about 20 minutes.
Linus (and any other copyright holders of portions of Linux) could forbid SCO from using *future* releases of the software, by amending the license. But the copies already out there are under the GPL, which means that anyone that has a copy is free to give it to anyone else. Thus, you can't put the genie back in the bottle. Once a certain version of code is released under the GPL, you can't take it back and say "No, I was just kidding, you can't use that code." That's rather the whole point of the GPL.
Oh please. Every half-decent email application has the ability to thread messages based on "In-Reply-To" and "References" headers. This has been around for years, decades even, and is absolutely nothing new, and certainly not specific to mutt.
Could you be any MORE confusing? 2^30 is not 1 billion. It's 1,073,741,824. And the date as of right now is:
$ date +%s
1072051722
So, yes, there is an issue with the date overflowing a 30 bit space. I'd hardly say it's relevant, any software that made such a braindead choice (why 30 and not 32 bits?) deserves to break. But it has nothing to do with a billion or anything else related to base 10. It hit 1 billion a long time ago, and it was covered then.
A patch implies that existing code was modified in some way to fix an issue. That is not the case here. This is just an add-on program that helps the user. It doesn't modify any existing code, and if this little helper app isn't constantly running in the background there's no protection whatsoever.
By your logic all of the thousands of random internet utilities available at the large "download depots" like cnet.com would be considered Windows patches.
It would be a patch if it modified or replaced one or more of the system DLL files, which is what most of the stuff you download from Windows Update does.
perl -e 'print "http://" . "A"x128 . "@\001" . "A"x118'
From looking at the source it's not actually a patch so much as a 'wedge'. It creates a typelib (or COM object of some sort) that registers itself with the system. By doing this it hooks into the IE API, such that it is called every time a URL is visited. If it detects that the URL contains the spoof, it redirects you to their site, where a CGI script gives you an IE-error-like page: For example if the faked part of the URL was 'fake.com' and the real site was 'real.com' it would redirect you to http://www.openwares.org/cgi-bin/exploit.cgi?true.com&http://fake.com
So this is not so much a patch as a 'workaround'. It doesn't fix anything, it just intercepts those URLs and warns you about it.
If you're referring to the "(which they're not)" part: I don't remember now where I read it but it was probably a Laser FAQ site or something. Basically the conclusion was that not all laser pointers are created equal, especially not these cheapo $5 units. The label on just about every one of these says "3-5mW" because that's the class that they all must fall into (Class IIIa or something.) This does not mean that they necessarily put out 5mW, just that this class of device allows up to that much. I think the author included some tests that showed a significant difference in the power output of two different such devices that both had the same "3-5mW" sticker.
If you're a lazy windows user like me that's never played one of these before and don't know exactly what to download but you'd like to just play the winning entry, download and install WinFrotz and then grab the winning entry. Run the program, open the slouch.z5 file and you're on your way.
I don't think so. Even if they were putting out the maximum 5mW of power (which they're not) that's still only 0.6 Watts. The smallest and weakest soldering irons out there are probably at least 10 to 20 times that much power, and they'd have a tough time melting anything but very small pads.
And, even more importantly, it's not going to be very focused. If you look at the spot a laser pointer makes it's more of a blob, the optics on these things are NOT meant to be very accurate. Plus, with 120 of them, there's almost zero chance that they'd all be aimed at exactly the same spot. In order for cutting lasers to be useful they have to be highly focused and concentrated in a very small spot, much like the whole magnifying-glass-starts-fires trick thing.
I think you'd have a better chance of getting something to light by rubbing sticks together.
Dear X3D advertising department:
When you use images like this one that make it look like your celebrity is struggling to squeeze out a huge turd, it doesn't make me very interested in your product.
I think one class of people they're aiming this at is those that have some ghastly secret that they want to reveal to someone after they're dead... Like, "Dear Fred, you're adopted, I could never tell you." Or, "Dear Tony, it was me that ran over your mother back in 1972. I just couldn't bring myself to telling you."
Anyway, the point is that these people wouldn't trust a paper letter sitting around that could potentially be found by someone. The article touched on this, if you'd RTFA.
Sure, you could accomplish a similar thing with a safe deposit box, but then the question becomes which is cheaper. Surely keeping some encrypted emails on a server has got to be cheaper over the long run compared to renting a small physical space in a bank. Besides, then you have to worry about a curious family member stumbling upon the key and looking in the box, or something like that.
Also, surely it's easier on your benefactors to simply mail in this one thing (along w/a copy of the death certificate) rather than having to mail letters to a potentially long list of people. Plus, as people move you can easily update their email addresses, whereas with paper letters you'd have to keep a current address on file somewhere always, including re-enveloping them whenever those people move. If you're keeping this in a deposit box then you've got to go to the bank as well.
Wow! Do you know Vin Diesel? You just need to find a third guy named "Alexander Isopropyl" or something and you'd have your own little gang!
There are really two separate cases being discussed here, so let's be clear:
* ISP is blocking outbound port 25 traffic, except to their mail server ("smarthost" as it's known.) In this case, you cannot send mail directly. The solution is to relay through your ISP's smarthost. If you can configure one of the various forms of authentication then usually you can send as any email address, so you don't have to worry about your domain name not being the same as your ISP's. You can also use a third party's smarthost, such as if you're paying for webhosting space for your website. It's best to do SMTP over SSL, but if your smarthost does not support this then many hosts will allow incoming traffic on port 26, so that your ISP's block does not stop you. You'll still have to set up authentication of some sort.
* ISP is blocking inbound port 25 traffic. This is harder to work around, and affects running your own mail server to receive incoming mails, as opposed to just sending mails directly as above. I'd say if you're running a mailserver on a cable modem you're probably doing yourself a disservice, and most likely breaking your TOS/AUP. It's a disservice in that I certainly wouldn't want to have to worry about losing emails when I take my computer down or want to play a game. You may disagree, or you may have a dedicated machine for receiving mail.
You can achieve the same effect, however, by having your mail delivered to some other host or dropbox, and then using a tool such as fetchmail to poll that dropbox regularly and deliver the messages to your local spool. This will have all the same effects as running your own mail server in that you can still have mail delivered to users or aliases, and procmail recipes (etc.) all work as expected. The only thing you can't really do is message rejection at delivery-time, which is a shame as this is the only really effective way of making your point to spammers. But that's another topic...