Fun new policy at AOL
Omachonu Ogali
nanog at missnglnk.com
Sat Aug 30 13:49:53 UTC 2003
On Sat, Aug 30, 2003 at 12:21:02PM +0100, Stephen J. Wilcox wrote:
> It really doesnt make any difference, if you change the rules by implementing
> auth etc the spammers will just adopt and it follows that the more thorough you
> are in the anti-spam measures, the more drastic the spammers will become to
> maintain their business..
Yes, it does make a difference.
a) Now, there is no longer a gray area with spam, if they are
successfully bruteforcing your users' passwords, I believe
that falls under unauthorized entry (now, there is no need
to go to your senator to ASK them to put anti-spam laws in
place), and you can follow this up with your local law
enforcement agency.
b) This adds an extra step, therefore slowing down their
dictionary attacks and relay abuse, resulting in a lot
LESS spam.
c) I'm also asking for server-to-server authentication among
trusted mail servers and administrators, at which point you
can ask the other mail server to sign a contract laying out
the terms of sending mail to your server (and they can do
the same to you) and make them legally liable for any
breaches.
Hey, now you can actally implement those per message fines
in all of your AUPs.
d) After reptitive breaches, I'm sure users and administrators
would be willing to chip into a lawyer pot (kinda like ISPC)
which would make it easier to sue offenders rather than
asking themselves "is it really worth it to plunk down $10k
for some penis enlargement mail".
Think of something along the lines of USENET peering, but now
with SMTP.
More information about the NANOG
mailing list