Stories, comments, journals, and other submissions on use Perl; are Copyright 1998-2006, their respective owners.
Authentication is bad ... (Score:1)
... because there are perfectly legitimate reasons to want to send mail anonymously or from a throw-away account. For example, I might want to send mail to a corporation criticising their customer service, but not want them to have my real address anywhere on file. Or I might want to ask a question about my embarrassing disease on a mailing list. Or a question about an area I'm meant to be an expert in, and I'm afraid my employer might fire me if they find my post in the list archives.
No, the way to stop spam seems to me to be to make it too expensive to send. I don't mean too expensive in terms of money, but in terms of computer resources and time. Which, of course, boils down to money really. Using a scheme like hash-cash, senders' machines can be made to solve a puzzle involving some Hard Sums before they are permitted to send mail. If the puzzle takes 30 seconds to solve, that's sufficient. I don't care if my individual messages are delayed that long. A spammer will care though, because if it takes 30 seconds to solve the puzzle required for each recipient, they're limited to sending just 2800 messages a day, rather than the tens of thousands they send an hour now.
This won't break mailing lists either, because all legitimate mailing lists are opt-in. So the user knows to expect bulk email (SOLICITED bulk email) from that source, and can exempt it from having to do the Hard Sums. Because all legitimate mailing lists are *confirmed* opt-in, the confirmation message could say something like "you need to add FOO to your whitelist. When you've done that, do BAR to confirm your subscription". People who don't exempt the list from the challenge/response system should get a single message telling them that they've screwed up, and then have their list membership suspended.
This does of course require support in software - on the server and in clients - for it to gain mass acceptance, but while that's a big problem, it's not insurmountable.
There's still the issue of spammers using hordes of zombie machines to send their spam, rather than bulk-mailing it themselves. Spammers won't care about the victims of their worms and viruses having to expend cycles. I favour making it illegal to use a computer in an irresponsible manner, just like it's illegal to use a car or a gun irresponsibly. Once a few hundred ignorant users have been locked up to become Bubba's Prison Fucktoy pour encourager les autres, expect to see the number of virus and worm infestations plummet.
Re:Authentication is bad ... (Score:1)
One reason to put the authentication in the SMTP protocol is that the sender and recipient addresses are well defined there. Email clie
Re:Authentication is bad ... (Score:1)
And if I fake being the mailing list sender?
I don't know what the answer is (I'm not sure if there is "an answer" or even a set of services which together might be "the answer") to fixing email, but for a Hard Sum to work, those machines/addresses which are exempted need to be authentica
Re:Authentication is bad ... (Score:1)
I don't have a problem with authentication if there is an anonymous alternative which is at least as widely available. However, getting Hard Sums widely implemented strikes me as being easier than getting a world-wide trust relationship and authentication scheme working. For one reason why that's such a difficult problem, look at who is one of the supposedly trustworthy CAs for SSL certificates.