On Tue, 1 Oct 2002, Bill Nash allegedly muttered: > First off, why aren't mail servers talking to each other over encrypted > streams? Everyone is talking about encrypting mail to each other, and > exchanging keys, so why not do it with the mail servers themselves as an > additional step of security? The problem isn't necessarily the mail servers per se. Even if the servers are all happily key certed in this fashion, you still can't stop a spammer from going abroad and wreaking havoc from, say, China or Russia. Not to mention the fact that servers with proper relaying and good credentials can still be used by morons who will happily sign up for accounts with the sole purpose of voilating their AUP for the preveledge of spamming *from* a mail server that's keyed/certed. Even if they get nailed after the first shot, how many useless bits of clutter did he manage to shoot through the legitimate channel before being caught? Then, off he goes to another host. Lather, rinse, repeat. Also, in such a situation, how do you tell your MTA what is good content and what is spam? Place filters looking for (n) instances of a subject word or phrase and then locking out an account from mail privs? That might work for subjects like "guaranteed new method for milking walruses", but how many spammers use subjects like "hey" or something equally benign? There are steps that can be implemented by ISP's/telcos/potted philodendrons to limit the spam that transits their networks. Many do try, some could care less as it fluffs their traffic stats for the ol' shareholder portfolio. Additionally, end recipents can do many things to eliminate spam. Procmail is good, and whether you use CLI or GUI mailers, dropping a procmail recipe in between your MTA and mail spool makes it easy to /dev/null those annoying spambeasties. Yes, I know, non *nix users are all looking at their displays going 'what's a procmail?' For those people I say, "learn how your mailer's filtering functions work and build some solid antispam filters". Yes, I know, this won't stop all spam, just what slips through your MTA's net and actually gets to you. However, unless you're a spam crusader, you probably only care immediately about the spam that's getting to you directly anyway, right? Another thing many people overlook is good old human contact. Typically my first response when I get spam from a friend is to politely ask them not to forward things to me like that. On a second offense, they get a nice, long, semiform letter from me telling them how much of my time they've wasted by forcing me to write a long letter detailing netiquette rules on mail and spam. I go to great pains to be as condescending and obnoxious as possible to get my point across. Ask my Mom, she didn't speak to me for almost a month after she got one, but she doesn't spam stupid things to me anymore and cc: 725,234 other people as well. My point here is that education helps too. Many people have no idea about where or how their email might wind up on a spammers target list. The internet, to many, many, people is like smoking in the early 20th century. Hip, trendy, and much more hazardous they they know or care to admit. (apologies to smokers out there, but at least now you can ignore the surgeon general in an informed way. :) ) Taking the time to tell people how they're helping propagate spam might only stop a few people in a bigger picture, but if it's the few who constatly spam YOU, it's worth it. Oh, yeah, third offense on spam involves boiling tar, feathers, and a large sign reading "I'm a spammer!" Jeez, I really ought to not respond to stuff, I ramble on forever... ******************************************************************************** NoX (nox@drunkenmuppets.org) "I want to know God's thoughts. The rest are details." - Albert Einstein ********************************************************************************