[Cryptography] Paid SMTP (PSMTP)
Ersin Taskin
hersintaskin at gmail.com
Wed Feb 28 06:33:55 EST 2018
2018-02-28 9:00 GMT+03:00 Kevin W. Wall <kevin.w.wall at gmail.com>:
> On Tue, Feb 27, 2018 at 8:15 AM, Ersin Taskin <hersintaskin at gmail.com>
> wrote:
> <snip>
>
> If the cost per email and all email addresses is the same, I think one
> unintended result would be to move a substantial portion of the spam
> to unmoderated mailing lists (and make even moderated mailing lists
> harder to moderate). I know that I've dealt with periods of excessive
> spam to our various open OWASP mailing lists and it's been a royal
> pain. OWASP is using something like Baracuda now for spam filtering,
> so it's a lot more tolerable than it was 5 years ago or so, but there
> are probably a lot of mailing lists run by individuals (I'm subscribed
> to a few) who don't have the resources to fight spam. And if spammers
> are going to have to pay a flat rate, they likely will go with
> something like mailing lists so they can get the biggest bang for the
> buck.
>
That's a good point. However, I must repeat that my proposal is not a
FUSSP. Therefore, It does not claim to solve all spam. Mail lists are not
covered in PSMTP i.e. if you subscribe to a mail list with your PSMTP
registered mail address, you white list the mail list address. Mail list
admins should keep fighting the spam with current tools.
I don't have any mail list administration experience. However, requesting
PSMTP posts from subscribers can be interesting. The very existence of
anti-spam techniques like greeting delay, greylist temporary rejection,
nolisting, quit detection all show that when there is a little bit of trick
in the mail transaction, spammers don't bother and move on to another mail
address in their list where the process runs in a less tricky manner. That
is the essence of brut force. Even though the fee is small it still may be
enough for some spammers to sail to less tricky waters.
*Greeting delay* – A sending server is required to wait until it has
received the SMTP greeting banner before it sends any data. A deliberate
pause can be introduced by receiving servers to allow them to detect and
deny any spam-sending applications that do not wait to receive this banner.
*Temporary rejection* – The greylisting
<https://en.wikipedia.org/wiki/Greylisting> technique is built on the fact
that the SMTP <https://en.wikipedia.org/wiki/SMTP> protocol allows for
temporary rejection of incoming messages. Greylisting temporarily rejects
all messages from unknown senders or mail servers – using the standard 4xx
error codes.[10]
<https://en.wikipedia.org/wiki/Anti-spam_techniques#cite_note-10> All
compliant MTAs will proceed to retry delivery later, but many spammers and
spambots will not retry, but move on to the next address in their list
rather than waste time re-sending to an address that has already exhibited
a problem.
You may read https://en.wikipedia.org/wiki/Anti-spam_techniques page to see
more.
Once again PSMTP is something you can use if you need to. I believe
spammers would stay away from PSMTP with the fear of immediate blacklist
action as explained in my response to John Levine. There will be enough
space for the spammers in the SMTP world for a long time. Besides an PSTMP
address probably belongs to a very anti-spam user. You would not spam
somone like that where you can get blacklisted easily. PSMTP will help
spammers to spot those not to spam.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20180228/2f1072bf/attachment.html>
More information about the cryptography
mailing list