On Wed, 1 Dec 1999, Nicholas Heer wrote: > > Please explain. Why do so many people want to receive spam? I > don't understand. I certainly don't want to receive it. > > Nicholas Heer Almost all of the spam we receive today is relayed via insecured mail servers, servers that permit what is known as "promiscuous relaying", which means they will accept mail from anybody and deliver mail to anybody. A properly configured mail server will only forward mail if it either originates or terminates in a domain they serve. The ORBS project was setup to provide a database of servers that are open AND actively being used to relay spam. It is a real-time database, and when a site fixes an improperly configured mail server; they can immediately connect to the ORBS resite and have it retest their server and remove it from the data base if it no longer forwards spam. Because this spam comes second hand through these servers; we can't block it except to block mail from these open servers. The problem comes from the fact that some legitimate e-mail originates on these same servers; so some legimate mail is rejected. The proper fix of coarse is to secure the originating server. But many customers here, particularly business customers, can not grasp that concept. They believe it is more important not to lose any legimate mail despite the fact that that entails continuing to receive the onslaught of floods. A number of people have suggested setting up a parallel server but they have no idea of the complexity involved. There are not one but four mail servers here involved in processing mail. There is mail, which provides smtp, pop-3, and imap service for clients, there is mx1 and mx2 which provide smtp service for network originated connections, list expansion, and mx1 also holds the spool and smartlist directories. And then eskinews also handles mail to and from UUCP sites we serve. On top of that, the Unix mailers look for one spool, there is no easy way to tell many of them use this spool or that on a per individual basis; and this type of filtering really must be done up front, so we'd have to setup a seperate domain for filtered verses non-filtered mail. So we are looking at a lot more expense than just duplicating one server to provide that seperate functionality, and I believe probably more than people are willing to pay for.