If Monster.com wants to send an email as one of its customers, it should authenticate with the customer's email server and send the email. If the customer wants to allow them to do this, they can give Monster.com their authentication info.
The reason why mail servers don't bother to support authentication and secure support is simple: there's no point to it. So long as I can send an email as anyone from any computer on the internet, what is the point of requiring authentication at a server that I can avoid? Secure transport solves problems with hijacking and intercepting transmissions. Neither of those things are at all prevalent (and they really have nothing to do with spam; if I have a spam server, there is no reason why I can't set it up with a secure transport mechanism).
And the flat rate is determined by what? Yes, average cost. Considering that 2/3 of email traffic is spam, they should at least be able to cut costs by a 1/3 if a method was found that eliminated say, 90% of spam.
Also, your "precautions" involve avoiding things that in many cases, I would like to do. I want to be able to post my email address in a machine readable form so that possible employers/customers can reach me. Also, once you get on the list (which even if with full precautions can happen; if I disseminate my email address, it offers people the chance to do stupid things with it; remember CrushMatch?), it is impossible to get off without abandoning the email account.
It's not just the cost of my processing the email. I have already lost a consulting job because the person to whom I sent an email did not recognize that email address and deleted it. That is a lost opportunity that is caused by the fact that there are no controls on spam.
You authorize your own machine to send email from your domain. If you don't own a domain, then you need to either get one or find an (authenticated) SMTP relay for your domain.
Note: with this, there is no longer any reason to blacklist DHCP IPs. If they have a domain (or an authenticated relay), they can send email again.
If you want the new, potentially unstable apps in Debian, you should run a testing (Sarge) distribution. Stable is just that--stable. Woody is not really a desktop distro. The Debian desktop distro is Sarge. A neat side effect of this is that desktop users do the QA for the servers (which run Woody, because on servers stability is more important than having the latest features).
3. They may not be able to reveal the SCO code openly, but they can certainly reveal the *Linux* code that is supposed to be taken from SCO. In fact, there is no reason for them not to do this, other than that they would no longer be able to send harassing letters to Linux users after the code was rewritten.
I did not care about this lawsuit much until SCO started making claims that Linux itself should be considered vulnerable. I'm quite sure that IBM is more than capable of defending itself. However, SCO's attitude towards Linux is indefensible. If there really is SCO code in Linux, the Linux developers need to know where it is so that they can remove it. Further, if SCO is going to make veiled threats about pursuing end users because of the use of the code, then they need to tell those end users what code is involved, to give us a chance to stop using it.
Well, given his performance in the case against MS (yes, MS is a monopoly; yes, it abused its monopoly position; no, we aren't going to actually do anything about it), maybe that is good news...
I don't think that he can rely on IBM to falsify evidence the way that MS did (the crashing of the IE-less winbox was faked, since they couldn't get the actual machine to crash on cue). Otoh, their letter (http://www.sco.com/scosource/letter_to_linux_cust omers.html) contains fraudulent claims.
For example, they are not the holders of the rights of the Unix code held by AT&T. A great deal of that code is held in *common* between them and BSD. They have no exclusive claims to that code. So long as someone complies with BSD's licensing of the BSD code, SCO can't complain. Even if it is the same code.
It says that there is no mechanism to determine that code is not someone else's IP. Yet, there are two: one, the GPL is very clear in stating that it is a breach of the GPL to list as GPLed code code that is encumbered by IP issues; two, the source code is (and always has been) available. Further, if their claim (that SCO owned code is in Linux) were proved correct, then it can be shown that they were in violation of the GPL, because they knowingly distributed code under the GPL that was encumbered by IP issues. In addition, SCO has not demonstrated (and I don't believe that they can demonstrate) that any mechanism they might have to keep Linux IP out of SCO code is more robust than that of Linux to keep SCO IP out of Linux code.
I think that this is expecting a bit much of IBM. It is far more likely that the message that they will send SCO (and anyone who might consider a similar lawsuit) is "Attack IBM and die."
Or maybe: my name is Inigo Business Montoya; you question my IP handling? Prepare to die.
Yeah, the intention was transparent. He was telling people to go back in time and boycott the Dixie Chicks. IF you RTFA, it's clear that the quote was *after* the boycott, not an incitement to *start* a boycott.
The right to boycott *was* an issue. The Dixie Chicks were protesting the boycott with that nude magazine cover shown in the article. Bush was just responding to them. I'm sure that he felt very gratified to find that so many country music fans were supporting a decision that he had made (even if many may have been supporting the country and the military more than Bush himself). There is nothing sinister about this--he was just being human.
In regards to Trent Lott praising Strom Thurmond, the real scandal was not that he was espousing racism (because, frankly, I don't think that even he was a stupid enough politician to do such a thing), but that as a politician, he was blindly supporting another member of his own party. Unfortunately, he didn't have the historical background to praise something about Strom Thurmond that people actually liked, so he popped out a stock comment. Later, people (not him) actually thought about what he said and pointed out that it was utter rot.
This kind of idiocy is not limited to Republicans. I once attended an ethnic function (Italian Day at Kennywood Amusement Park) where politicians were speaking. One of the Democrats (IIRC, it was Jay Costa, Jr., but I could be wrong) referred to one Frank Pecora as a "much needed breath of fresh air" for Washington, D.C. This is despite the fact that said Pecora was a career politician (20+ years) who was gerrymandered out of his State Rep. seat, so he switched parties (for the second time in his career) to run against first term Congress member, Rick Santorum (best known at the time for exposing the shoddy, country club like financial practices of the House bank). Everyone there knew that Frank Pecora was as politics as usual as anyone; the description was absolutely ridiculous. However, that's how politicians talk about each other. In 1992, people were looking for breaths of fresh air, so those were the words Costa used. Nothing to do with reality, everything to do with molding perception.
Lott was merely doing the same thing. Frankly, I was glad that he got called on it. I just find it unfortunate, that so few recognize that the real problem is that politicians consider it reasonable to say nice things about other politicians for *no* other reason than that said politician happens to be of the same party.
Lott got reprimanded by the party not for espousing racism (which no one really believed he was doing) but for being so utterly stupid as to make a statement that could be taken that way. For years, he could make stupid statements like that without real consequences (the way Costa did about Pecora--everyone understood that it was BS, but no one bothered to call him on it). However, the words of a Majority Leader of the Senate have more weight and will be considered news in a way that the words of a mere Clerk of Courts (or whatever Costa was doing at the time) or even those of a more run of the mill Senator do not.
According to the parent's link, the law applies to email sent to CA residents with a CA ISP. If this has any effect at all, we may be seeing a bunch of colocated email servers popping up in CA.
Note: IANAL. At first, I thought that it might be enough to have switching equipment in the state, but looking down at their reasons for the commerce clause not applying, switching equipment is not sufficient. Further, if AOL accepts mail in NY and then relays it to their CA server for delivery, as I understand it, AOL would be liable for that, not the spammer. One of the linchpins of the decision is that one can determine the geographic location of the email server. If they send to an email server outside of CA, then that fails. Of course, if you reply to the email telling them that you are in CA (and so is your email server) and they send you more email, that might be enough to establish the geographic location (even if they don't receive the email--if the law is properly worded, it's their responsibility to offer you a contact method).
SCO has no basis for a suit against Red Hat. Red Hat never had their source code and could not have put any of it in Linux (unlike IBM). Otoh, Red Hat may have a suit against SCO, since SCO claims to have knowingly distributed a GPLed product that was encumbered by IP constraints. This is specifically prohibited in the GPL (section 7?).
Sco is also vulnerable because they are providing no assistance in removing the offending sections from Linux (by specifying which ones they are). Until they do so, there is no way that they can make claims against anyone for using any IP they may own. Further, if someone is damaged by their slowness or by their rash, blanket declaration of fault that was sent out to 1500 Linux using organizations, Sco would be subject to paying damages for their malfeasance.
I still predict that the net effect of this will be to bankrupt Sco. Even if they win the lawsuit against IBM (which seems unlikely, since of the two organizations, IBM is much farther along in IP issues; I still think that it is more likely that SCO used Linux or IBM code in Unixware than IBM put Unixware code into Linux; IBM had a whole department to vet whether code be used or not; did Sco?), they will still be vulnerable to lawsuits by the Free Software Foundation, et.al. for damages they caused with the heavy handedness of this lawsuit.
Yeah, but can you sleep with them? That seems to be more along the point of this article.
Lots of sites use the old Firefly technology or something similar to project what you might like by comparing you to other people who currently have similar tastes. Amazon.com actually allows you to rate products that they recommend if you already own them. This gives them even more information to try to guess stuff they could sell you.
Public phones are getting removed because drug dealers use them to make deals. In general, a drug dealer is not someone you want to have hanging around in your neighborhood. They tend to be armed, paranoid (particularly if they use their own product), and subject to being attacked by others who fit the same profile.
They are also unlikely to call the police if they see a crime being committed, which means that they don't provide the anti-crime benefit in which you believe.
If I had this worm, I would find the uninstall-executable less intrusive than starting up IE and sending me to a web site. The uninstall only affects the worm's operation. What you are recommending is further cracking my box (admittedly, the box is already cracked, but why go farther). As you are then taking active effort to crack my box, I would regard that as illegal.
An analogy. I regard this as the equivalent of walking by a a car with its windows down in the rain and rolling them up. It's just good citizenship. What you are suggesting is more along the lines of triggering the garage door opener, walking in, and leaving a note saying that the windows are down. Not only is it more intrusive, but it still lets the car get wetter while you are doing it and while you are waiting for people to find your note (which they may do immediately or not). Not to mention the fact that the worm affects other computers more than your computer.
If you had the choice between being in jail and undergoing an operation that would let you get out, which would you choose?
I'm not sure that they would use this with criminals anyway. It would seem more secure to me to add it externally with a lock for criminals. Internally, it seems to me that they would just get another operation and have it removed.
I'm more concerned with sender verification than filtering (which apparently is already losing value). This system would be inherently more secure, because you can't fire up your email server, blast out a few thousand emails, and turn off the server. If you do that, I never get your spam, since you're no longer providing it.
Further, if mail servers had to be verified by DNS entries (and only accept email to send with password authentication), then I know I'm getting email from a real account. Now, I can blacklist by *sender* filtering which is practically useless now, since there is no way to verify the sender (and why use the same sender twice? just make up a new one instead).
Filtering can still be done by your email client before you read the email. This is not perfect, but then neither is the current system.
Anything that shifts more of the burden to the sender is preferable to the current system, where it is the recipient who bears the burden. Here, if you allow spam through your mail server, you are the one bearing the burden of storing it and transmitting multiple copies of it, not the recipients' mail servers. Also, note that it reduces the storage burden for a message with lots of recipients over all, since the message only needs to include one copy until downloaded by the recipient. Under the current system, each mail server with a recipient would have to have their own copy in their queue.
This also makes it easier to enforce anti-spam legislation, since we now have a trail back to the spammer (or at least a spammer friendly mail server).
Btw, in the previous election, it had been the GOP who got screwed by the system. The problem was that it is easy to vote for the top person correctly, but the votes after that were frequently mispunched because the ballot used both sides with the punches in the middle:
Bush O
O Buchanan Gore O
It's easier to read here (since the name is the same size as the bubble and I can't get the spacing to come out the way I want it: the Os should be lined up with each other and farther from the names), but in the actual ballots it was hard to tell that Gore was the third mark rather than the second. The previous election (which had similar problems, but since the vote wasn't close, so no one cared) had Clinton where Bush was and Dole where Gore was. I'm not sure who the third party candidate that benefited was.
Regardless, the way to fix this is to count the votes as you go as NC apparently does (description posted above this). I think they are missing a step in that you should also check with the voter to see if the electronic vote is correct (i.e. if they don't hit submit, the vote is not added to the total, and they have a chance to redo their ballot). Apparently in NC, they only check to make sure that the vote is well formed (no overvotes), not that it is representative of how that person wishes to vote.
Right now, I would settle for *any* authentication of mail servers. Even something as simple minded as adding a DNS record that verifies that a server is authorized to send email for a domain would be a *huge* step forward at the moment.
It's ridiculous that they can spam anyone as anyone through open relays and proxies, so that we can't determine their real identity.
I posted higher in this discussion that it would help to have a DNS entry for SMTP servers authorized to send email for a domain (and your proposal still needs something like this; the current system has no way of verifying that someone is who they say they are). However, if you want to start over and redo SMTP:
Add a new protocol where mail stays on the *sending* server until you pop it off with your client. Instead of sending the entire email to your mail server, it just sends the headers. This does two things: one, it gives you a chance to see the headers (not necessarily all of them; subject and sender would probably be enough) before making the decision to get the email; two, it pushes the spam burden onto the sending server. Now, they are the ones who have to waste bandwidth and disk space on the message.
The other thing that you need is for mail servers to insist on authentication from the user trying to use them to send mail (the DNS record would help as well). Then the originating server will know who is sending the spam. No more fake addresses. Traceable end to end. Then you can actually blacklist domains (now there is no point--spammers do not use their own domain to send email) and email addresses.
The real problem with the current system isn't a weakness of blacklist filters. The problem is that there is nothing in the email protocol which validates identity of the sender. This means that they can do things that are blatantly illegal and get away with it.
Open relays on DSL lines are no longer valuable if we add a DNS field for SMTP servers authorized to send for a domain. Then, you need to actually own the domain to send mail for it (to servers that require the DNS field). Anonymity gone.
There are no protections for domains or email addresses on the internet. If you gave me your email address, I could send you an email as you. It's not any one person's problem; it's built into the system. Never blacklist a domain, there is no point. Blacklist IPs. They are almost impossible to fake without hijacking network hardware (i.e. routers).
Yes, but that assumes that they know about the spam. Without a law making them liable (i.e. now), that will generally be true. However, with a law making them liable, then it is to their competitors' advantage to spam in their name. That gets them fined. They can't give up the spammer, because they have nothing to do with it. Thus, they get hit worse for doing nothing than would someone who was actively involved in the spam.
What I am saying is that if someone sells a product with the knowledge that it is going to be sold through spam, they should be liable. I would be very surprised if Pfizer had no idea who was selling their product through spam. As such, they are an accessory and should be punished as one. Further, if companies find out that they can be punished for their resellers using spam, they will stop supporting it.
Jail spammers (those actually sending the emails).
What we were talking about was the companies who are providing product (who may or may not actually know about the spam). I would like some kind of responsibility for companies that benefit indirectly from spam. In other words, if Pfizer sells Viagra to someone who then uses spam to sell it, I would like Pfizer to be responsible for paying back the profit they made as an indirect result of spam. If it is shown that they knew that they were selling to someone who spammed, then I would like them to be fined. If they sent the spam, then jail terms and such could apply.
The problem now is that we can't sue the company selling the stuff without proof that they are actively involved with the spam. It would be much easier to track down the spammers if we could tell the seller that they have to show us who profits from that sale. Obviously, one of the people profiting is sending the spam (otherwise, why is it being sent?).
Slashdot Mirror
If Monster.com wants to send an email as one of its customers, it should authenticate with the customer's email server and send the email. If the customer wants to allow them to do this, they can give Monster.com their authentication info.
The reason why mail servers don't bother to support authentication and secure support is simple: there's no point to it. So long as I can send an email as anyone from any computer on the internet, what is the point of requiring authentication at a server that I can avoid? Secure transport solves problems with hijacking and intercepting transmissions. Neither of those things are at all prevalent (and they really have nothing to do with spam; if I have a spam server, there is no reason why I can't set it up with a secure transport mechanism).
And the flat rate is determined by what? Yes, average cost. Considering that 2/3 of email traffic is spam, they should at least be able to cut costs by a 1/3 if a method was found that eliminated say, 90% of spam.
Also, your "precautions" involve avoiding things that in many cases, I would like to do. I want to be able to post my email address in a machine readable form so that possible employers/customers can reach me. Also, once you get on the list (which even if with full precautions can happen; if I disseminate my email address, it offers people the chance to do stupid things with it; remember CrushMatch?), it is impossible to get off without abandoning the email account.
It's not just the cost of my processing the email. I have already lost a consulting job because the person to whom I sent an email did not recognize that email address and deleted it. That is a lost opportunity that is caused by the fact that there are no controls on spam.
You authorize your own machine to send email from your domain. If you don't own a domain, then you need to either get one or find an (authenticated) SMTP relay for your domain.
Note: with this, there is no longer any reason to blacklist DHCP IPs. If they have a domain (or an authenticated relay), they can send email again.
If you want the new, potentially unstable apps in Debian, you should run a testing (Sarge) distribution. Stable is just that--stable. Woody is not really a desktop distro. The Debian desktop distro is Sarge. A neat side effect of this is that desktop users do the QA for the servers (which run Woody, because on servers stability is more important than having the latest features).
3. They may not be able to reveal the SCO code openly, but they can certainly reveal the *Linux* code that is supposed to be taken from SCO. In fact, there is no reason for them not to do this, other than that they would no longer be able to send harassing letters to Linux users after the code was rewritten.
I did not care about this lawsuit much until SCO started making claims that Linux itself should be considered vulnerable. I'm quite sure that IBM is more than capable of defending itself. However, SCO's attitude towards Linux is indefensible. If there really is SCO code in Linux, the Linux developers need to know where it is so that they can remove it. Further, if SCO is going to make veiled threats about pursuing end users because of the use of the code, then they need to tell those end users what code is involved, to give us a chance to stop using it.
Well, given his performance in the case against MS (yes, MS is a monopoly; yes, it abused its monopoly position; no, we aren't going to actually do anything about it), maybe that is good news...
t omers.html) contains fraudulent claims.
I don't think that he can rely on IBM to falsify evidence the way that MS did (the crashing of the IE-less winbox was faked, since they couldn't get the actual machine to crash on cue). Otoh, their letter (http://www.sco.com/scosource/letter_to_linux_cus
For example, they are not the holders of the rights of the Unix code held by AT&T. A great deal of that code is held in *common* between them and BSD. They have no exclusive claims to that code. So long as someone complies with BSD's licensing of the BSD code, SCO can't complain. Even if it is the same code.
It says that there is no mechanism to determine that code is not someone else's IP. Yet, there are two: one, the GPL is very clear in stating that it is a breach of the GPL to list as GPLed code code that is encumbered by IP issues; two, the source code is (and always has been) available. Further, if their claim (that SCO owned code is in Linux) were proved correct, then it can be shown that they were in violation of the GPL, because they knowingly distributed code under the GPL that was encumbered by IP issues. In addition, SCO has not demonstrated (and I don't believe that they can demonstrate) that any mechanism they might have to keep Linux IP out of SCO code is more robust than that of Linux to keep SCO IP out of Linux code.
I think that this is expecting a bit much of IBM. It is far more likely that the message that they will send SCO (and anyone who might consider a similar lawsuit) is "Attack IBM and die."
Or maybe: my name is Inigo Business Montoya; you question my IP handling? Prepare to die.
Yeah, the intention was transparent. He was telling people to go back in time and boycott the Dixie Chicks. IF you RTFA, it's clear that the quote was *after* the boycott, not an incitement to *start* a boycott.
The right to boycott *was* an issue. The Dixie Chicks were protesting the boycott with that nude magazine cover shown in the article. Bush was just responding to them. I'm sure that he felt very gratified to find that so many country music fans were supporting a decision that he had made (even if many may have been supporting the country and the military more than Bush himself). There is nothing sinister about this--he was just being human.
In regards to Trent Lott praising Strom Thurmond, the real scandal was not that he was espousing racism (because, frankly, I don't think that even he was a stupid enough politician to do such a thing), but that as a politician, he was blindly supporting another member of his own party. Unfortunately, he didn't have the historical background to praise something about Strom Thurmond that people actually liked, so he popped out a stock comment. Later, people (not him) actually thought about what he said and pointed out that it was utter rot.
This kind of idiocy is not limited to Republicans. I once attended an ethnic function (Italian Day at Kennywood Amusement Park) where politicians were speaking. One of the Democrats (IIRC, it was Jay Costa, Jr., but I could be wrong) referred to one Frank Pecora as a "much needed breath of fresh air" for Washington, D.C. This is despite the fact that said Pecora was a career politician (20+ years) who was gerrymandered out of his State Rep. seat, so he switched parties (for the second time in his career) to run against first term Congress member, Rick Santorum (best known at the time for exposing the shoddy, country club like financial practices of the House bank). Everyone there knew that Frank Pecora was as politics as usual as anyone; the description was absolutely ridiculous. However, that's how politicians talk about each other. In 1992, people were looking for breaths of fresh air, so those were the words Costa used. Nothing to do with reality, everything to do with molding perception.
Lott was merely doing the same thing. Frankly, I was glad that he got called on it. I just find it unfortunate, that so few recognize that the real problem is that politicians consider it reasonable to say nice things about other politicians for *no* other reason than that said politician happens to be of the same party.
Lott got reprimanded by the party not for espousing racism (which no one really believed he was doing) but for being so utterly stupid as to make a statement that could be taken that way. For years, he could make stupid statements like that without real consequences (the way Costa did about Pecora--everyone understood that it was BS, but no one bothered to call him on it). However, the words of a Majority Leader of the Senate have more weight and will be considered news in a way that the words of a mere Clerk of Courts (or whatever Costa was doing at the time) or even those of a more run of the mill Senator do not.
According to the parent's link, the law applies to email sent to CA residents with a CA ISP. If this has any effect at all, we may be seeing a bunch of colocated email servers popping up in CA.
Note: IANAL. At first, I thought that it might be enough to have switching equipment in the state, but looking down at their reasons for the commerce clause not applying, switching equipment is not sufficient. Further, if AOL accepts mail in NY and then relays it to their CA server for delivery, as I understand it, AOL would be liable for that, not the spammer. One of the linchpins of the decision is that one can determine the geographic location of the email server. If they send to an email server outside of CA, then that fails. Of course, if you reply to the email telling them that you are in CA (and so is your email server) and they send you more email, that might be enough to establish the geographic location (even if they don't receive the email--if the law is properly worded, it's their responsibility to offer you a contact method).
You forgot
0. Move to California, so changes in California law matter to you.
Of course, you may have taken this step previously.
A *HIGH END* tech company, no less. I'm amazed they made it this long. They must have had good cash reserves.
Until MS lays people off, I'll just ignore the part about nobody being immune.
SCO has no basis for a suit against Red Hat. Red Hat never had their source code and could not have put any of it in Linux (unlike IBM). Otoh, Red Hat may have a suit against SCO, since SCO claims to have knowingly distributed a GPLed product that was encumbered by IP constraints. This is specifically prohibited in the GPL (section 7?).
Sco is also vulnerable because they are providing no assistance in removing the offending sections from Linux (by specifying which ones they are). Until they do so, there is no way that they can make claims against anyone for using any IP they may own. Further, if someone is damaged by their slowness or by their rash, blanket declaration of fault that was sent out to 1500 Linux using organizations, Sco would be subject to paying damages for their malfeasance.
I still predict that the net effect of this will be to bankrupt Sco. Even if they win the lawsuit against IBM (which seems unlikely, since of the two organizations, IBM is much farther along in IP issues; I still think that it is more likely that SCO used Linux or IBM code in Unixware than IBM put Unixware code into Linux; IBM had a whole department to vet whether code be used or not; did Sco?), they will still be vulnerable to lawsuits by the Free Software Foundation, et.al. for damages they caused with the heavy handedness of this lawsuit.
Yeah, but can you sleep with them? That seems to be more along the point of this article.
Lots of sites use the old Firefly technology or something similar to project what you might like by comparing you to other people who currently have similar tastes. Amazon.com actually allows you to rate products that they recommend if you already own them. This gives them even more information to try to guess stuff they could sell you.
Public phones are getting removed because drug dealers use them to make deals. In general, a drug dealer is not someone you want to have hanging around in your neighborhood. They tend to be armed, paranoid (particularly if they use their own product), and subject to being attacked by others who fit the same profile.
They are also unlikely to call the police if they see a crime being committed, which means that they don't provide the anti-crime benefit in which you believe.
If I had this worm, I would find the uninstall-executable less intrusive than starting up IE and sending me to a web site. The uninstall only affects the worm's operation. What you are recommending is further cracking my box (admittedly, the box is already cracked, but why go farther). As you are then taking active effort to crack my box, I would regard that as illegal.
An analogy. I regard this as the equivalent of walking by a a car with its windows down in the rain and rolling them up. It's just good citizenship. What you are suggesting is more along the lines of triggering the garage door opener, walking in, and leaving a note saying that the windows are down. Not only is it more intrusive, but it still lets the car get wetter while you are doing it and while you are waiting for people to find your note (which they may do immediately or not). Not to mention the fact that the worm affects other computers more than your computer.
My $.02
If you had the choice between being in jail and undergoing an operation that would let you get out, which would you choose?
I'm not sure that they would use this with criminals anyway. It would seem more secure to me to add it externally with a lock for criminals. Internally, it seems to me that they would just get another operation and have it removed.
I'm more concerned with sender verification than filtering (which apparently is already losing value). This system would be inherently more secure, because you can't fire up your email server, blast out a few thousand emails, and turn off the server. If you do that, I never get your spam, since you're no longer providing it.
Further, if mail servers had to be verified by DNS entries (and only accept email to send with password authentication), then I know I'm getting email from a real account. Now, I can blacklist by *sender* filtering which is practically useless now, since there is no way to verify the sender (and why use the same sender twice? just make up a new one instead).
Filtering can still be done by your email client before you read the email. This is not perfect, but then neither is the current system.
Anything that shifts more of the burden to the sender is preferable to the current system, where it is the recipient who bears the burden. Here, if you allow spam through your mail server, you are the one bearing the burden of storing it and transmitting multiple copies of it, not the recipients' mail servers. Also, note that it reduces the storage burden for a message with lots of recipients over all, since the message only needs to include one copy until downloaded by the recipient. Under the current system, each mail server with a recipient would have to have their own copy in their queue.
This also makes it easier to enforce anti-spam legislation, since we now have a trail back to the spammer (or at least a spammer friendly mail server).
Give a $5 to someone who did vote for Quimby. Photocopy their vote. Collect $20.
If you want to get more complicated, call police sometime before handing vote receipt to Quimby.
For the cost of a few poll workers, you can already do this. Have someone stand in the voting booth with them as they vote.
Btw, in the previous election, it had been the GOP who got screwed by the system. The problem was that it is easy to vote for the top person correctly, but the votes after that were frequently mispunched because the ballot used both sides with the punches in the middle:
Bush O
O Buchanan
Gore O
It's easier to read here (since the name is the same size as the bubble and I can't get the spacing to come out the way I want it: the Os should be lined up with each other and farther from the names), but in the actual ballots it was hard to tell that Gore was the third mark rather than the second. The previous election (which had similar problems, but since the vote wasn't close, so no one cared) had Clinton where Bush was and Dole where Gore was. I'm not sure who the third party candidate that benefited was.
Regardless, the way to fix this is to count the votes as you go as NC apparently does (description posted above this). I think they are missing a step in that you should also check with the voter to see if the electronic vote is correct (i.e. if they don't hit submit, the vote is not added to the total, and they have a chance to redo their ballot). Apparently in NC, they only check to make sure that the vote is well formed (no overvotes), not that it is representative of how that person wishes to vote.
Right now, I would settle for *any* authentication of mail servers. Even something as simple minded as adding a DNS record that verifies that a server is authorized to send email for a domain would be a *huge* step forward at the moment.
It's ridiculous that they can spam anyone as anyone through open relays and proxies, so that we can't determine their real identity.
I posted higher in this discussion that it would help to have a DNS entry for SMTP servers authorized to send email for a domain (and your proposal still needs something like this; the current system has no way of verifying that someone is who they say they are). However, if you want to start over and redo SMTP:
Add a new protocol where mail stays on the *sending* server until you pop it off with your client. Instead of sending the entire email to your mail server, it just sends the headers. This does two things: one, it gives you a chance to see the headers (not necessarily all of them; subject and sender would probably be enough) before making the decision to get the email; two, it pushes the spam burden onto the sending server. Now, they are the ones who have to waste bandwidth and disk space on the message.
The other thing that you need is for mail servers to insist on authentication from the user trying to use them to send mail (the DNS record would help as well). Then the originating server will know who is sending the spam. No more fake addresses. Traceable end to end. Then you can actually blacklist domains (now there is no point--spammers do not use their own domain to send email) and email addresses.
The real problem with the current system isn't a weakness of blacklist filters. The problem is that there is nothing in the email protocol which validates identity of the sender. This means that they can do things that are blatantly illegal and get away with it.
Open relays on DSL lines are no longer valuable if we add a DNS field for SMTP servers authorized to send for a domain. Then, you need to actually own the domain to send mail for it (to servers that require the DNS field). Anonymity gone.
There are no protections for domains or email addresses on the internet. If you gave me your email address, I could send you an email as you. It's not any one person's problem; it's built into the system. Never blacklist a domain, there is no point. Blacklist IPs. They are almost impossible to fake without hijacking network hardware (i.e. routers).
Yes, but that assumes that they know about the spam. Without a law making them liable (i.e. now), that will generally be true. However, with a law making them liable, then it is to their competitors' advantage to spam in their name. That gets them fined. They can't give up the spammer, because they have nothing to do with it. Thus, they get hit worse for doing nothing than would someone who was actively involved in the spam.
What I am saying is that if someone sells a product with the knowledge that it is going to be sold through spam, they should be liable. I would be very surprised if Pfizer had no idea who was selling their product through spam. As such, they are an accessory and should be punished as one. Further, if companies find out that they can be punished for their resellers using spam, they will stop supporting it.
Jail spammers (those actually sending the emails).
What we were talking about was the companies who are providing product (who may or may not actually know about the spam). I would like some kind of responsibility for companies that benefit indirectly from spam. In other words, if Pfizer sells Viagra to someone who then uses spam to sell it, I would like Pfizer to be responsible for paying back the profit they made as an indirect result of spam. If it is shown that they knew that they were selling to someone who spammed, then I would like them to be fined. If they sent the spam, then jail terms and such could apply.
The problem now is that we can't sue the company selling the stuff without proof that they are actively involved with the spam. It would be much easier to track down the spammers if we could tell the seller that they have to show us who profits from that sale. Obviously, one of the people profiting is sending the spam (otherwise, why is it being sent?).