On Tue, 17 Mar 1998, John Young wrote:
Markoff in the NYT reports today on the release of a new Sendmail upgrade by author Eric Allman that will block spam by checking the legitimacy of the originating address before delivery.
The report claims that spam is up to 10% of e-mail worldwide, And that Sendmail is used on 75% of the computers that route e-mail, all of which are being fitted with the new program.
What are the chances that this will affect remailers or other means of eternal anonymity?
I doubt it. NYT is probably referring to the integration into the sendmail package of rules that nix incoming mail with forged From headers, e.g. "you.want.to@buy.this" and prevent unauthorized relaying. Remailers generally use a From header that includes their own legitimate domain, so they likely won't be blocked. However, while the anti-relay-hijacking rules are useful (and LONG overdue), I see the the From-domain-validity change as a Bad Thing, as it will encourage spammers to deliberately choose existing domains to spoof in their From lines, leading to an increase in the incidences of sites being subjected to fragmented denial-of-service attacks, i.e. being mailbombed by the collective complaints of all those shit-stupid AOLers who don't bother to read the Received headers. I've been lucky enough never to have been subjected to one of those attacks, but from the sheer volume of complaints I once got when a luser sent a MMF spam to USENET, I can sympathize with the victim of a spoof. Yet another instance of "protection for the masses" actually providing no real benefit and simultaneously negating the protection afforded to those few who had previously used the defense. A similar thing has happened/is happening with the previously-useful "Comments: Authenticated sender is" check for spam, which used to be nearly 95% effective at nixing spam because most known spamming packages included the header, and only one legitimate mailer did likewise, but was easy to make exceptions for because it included an identifying X-Mailer header. -- Brian Buchanan brian@smarter.than.nu Never believe that you know the whole story.