Re: Trouble with Sender Authentication





On Nov 8, 2006, at 12:56 PM, Dean Anderson wrote:

I also found a few blacklists abusing open relays. I did this by creating non-production relays, logging TCP connections to them, and then submitting them to the blacklist for scanning. After only scanning by the blacklist, they started getting abused. There's more, but you get the idea. And now, the abusers are easily distinguished from the genuine mailers by CAN-SPAM---this is why "anti-spam" people hate CAN-SPAM so much. (quotes because they really aren't anti-spam people)

It is not surprising that listing an open relay exposes such services, defeating a security-through-obscurity scheme. While the CAN-SPAM Act is not entirely bad, the greatest harm was from overriding reasonable State Opt-in requirements. This act still allows acceptable use policies. Neither this act nor the suit you mention changed these acceptable use policies, and there is a growing adoption of these policies worldwide. Opt-in use policies continue despite CAN-SPAM requirements established for Opt-out. In general, it remains a bad idea for a recipient to Opt-out unless they are sure of the sender, just as it remains a bad idea for recipients to run scripts in messages or obtain photos when they are unsure. It also remains a bad idea for the sender to post bulk email unless their mailing lists have been confirmed by the recipients.

-Doug