Home page logo
/

nanog logo nanog mailing list archives

Re: Fun new policy at AOL
From: Omachonu Ogali <nanog () missnglnk com>
Date: Sat, 30 Aug 2003 09:49:53 -0400


On Sat, Aug 30, 2003 at 12:21:02PM +0100, Stephen J. Wilcox wrote:
It really doesnt make any difference, if you change the rules by implementing 
auth etc the spammers will just adopt and it follows that the more thorough you 
are in the anti-spam measures, the more drastic the spammers will become to 
maintain their business..

Yes, it does make a difference.

a) Now, there is no longer a gray area with spam, if they are
   successfully bruteforcing your users' passwords, I believe
   that falls under unauthorized entry (now, there is no need
   to go to your senator to ASK them to put anti-spam laws in
   place), and you can follow this up with your local law
   enforcement agency.

b) This adds an extra step, therefore slowing down their
   dictionary attacks and relay abuse, resulting in a lot
   LESS spam.

c) I'm also asking for server-to-server authentication among
   trusted mail servers and administrators, at which point you
   can ask the other mail server to sign a contract laying out
   the terms of sending mail to your server (and they can do
   the same to you) and make them legally liable for any
   breaches.

   Hey, now you can actally implement those per message fines
   in all of your AUPs.

d) After reptitive breaches, I'm sure users and administrators
   would be willing to chip into a lawyer pot (kinda like ISPC)
   which would make it easier to sue offenders rather than
   asking themselves "is it really worth it to plunk down $10k
   for some penis enlargement mail".

Think of something along the lines of USENET peering, but now
with SMTP.


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]