Posted on 04/11/2005 10:12:57 AM PDT by ShadowAce
An open/promiscous relay allows you to send email through a system; it doesn't allow you to forge the mailing headers on the relay.
And, there is no point in even trying since it is the open relay that is blacklisted and not the prior hop...
I've had a few people wanting to use 3rd party email for business work in the past, but with the current HIPAA and SOX regs, the auditors will back me up on telling them they need to quit that. I realize not everyone operates in that environment, or under those circumstances.
HIPAA is specific to health privacy issues and SOX (Sarbanes-Oxley) only covers audits of publicly held companies....
Sending HIPAA data via email should be done via PGP or a CERT, but there is nothing limiting the originating IP.
Auditors frequently misunderstand technical topics and react with a shotgun approach.
SOX is really concerned more about accountability than confidentiality and, because of that, encrypted email is actually a bad thing here. Corporations would be required to hold private keys of officers for up to 7 years in order to comply with this...
The only place where SOX might apply is if a corporate officer were emailing confidential, audit related information from an external location... which means they're probably on shakey grounds anyway.
In order to comply with SOX, corporate officers would have to surrender their private keys and those would have to be kept in a secure location for 7 years to permit auditors to read all related email. Note that this is true for internal and external email.
We also have FDIC regs involving privacy of client information involved. At any rate, you're right in that they do tend to take a shotgun approach. In their defense, some of these emails do involve audit information and things like contract negotions, and managers tend to treat all email the same. If they use hotmail to send work email from home, they will generally send anything over it they would send through the internal email system at work.
Probably faster than that. Check out http://www.ordb.og
So pathetic, it's sad. Don't you guys have anything better to do than bog FR down with your guesses at your own port numbers?
Bingo. All of the spam that I get to my spam-bucket comes in to my ISP's POP server and I pick it up using fetchmail. Any spam sent to my mail server gets blocked, because I use the blacklists. I don't know why the ISPs won't.
Yeah, they do. combined.njabl.org has a blacklist of DHCP addresses which is pretty darn complete.
Given the fact most high speed nets are DHCP you could find yourself blocked because the guy before you was a bot.
Not a problem. You use the "smart host" part of sendmail to send all outgoing mail to your ISP's SMTP server.
Actually, I don't see a problem ith this, but it should be handled at the ISP level. Anyone who wants to handle their own mail. (As I have from time to time, though not at the moment), should be able to turn that option on, with the default being deny. Also, if your computer is a spam or DOS bot, it deserves to be shut down. When the customer calls in to the helpdesk, they ask if they are running a mailserver. If customer says "no", you tell them their computer has been hacked and that they need to reload, or, better yet, migrate to a less hackable system like Linux, or OSX.
If granny's computer is sending out spam, shut her down until she fixes it.
Could be worse we could be trolling people on FR who put down port #'s... that would be really sad..
Except that on an RBL of DHCP I could very well end up the IP that is on the RBL. The effect on people who use legit mail servers on DHCP ranges is the same..
I don't see where this helps anything. You're creating a lot of new infrastructure that someone will have to pay for.
And you're ignoring the fact that lots of overseas ISPs exist solely for spammers... wannado.fr and hinet.net for examples... and they would be willing to pay the price to get into the "network". Then they'd have to be blacklisted -- just as they are now.
And on top of that, you've come up with a nice little way of tracking e-mail addresses and number of e-mails sent, which just might come in handy to the government someday.
ALL addresses in the residential DHCP subnets are in the blacklist. Yours is. Mine is. The effect of this is that we can't send outgoing mail directly to someone using the blacklist.
So we send outgoing mail through the ISP's mail server, which will NOT be on a residential subnet. That's okay.
I'm primarily concerned with incoming mail to my mail server. If RR blocks port 25 inbound, I'm sunk, because that's the only way in. Outbound isn't a problem.
I don’t smoke.
But I understand now. So states can shake down there residents.
Credit card co. will no longer do cigarette transactions over the net.
If they can do this Why not stop co. that use SPAM from using credit cards to get money.
If you ask me SPAMERS are a lot more annoying than smokers.
If the possibility exists, then the auditors are correct because it removes the potential and appearance of /for non-compliance... and methinks the feds will probably want to use SOX on someone before the next election to say they're doing something constructive :)
The real problem is the people who order products advertised in spam. These are the people who make the whole game so profitable. If nobody ordered from spam, it would not be worth sending.
While it presents obvious problems, I would love to see "fake" spam (can spam be "real"?), so that when the user clicks on it and tries to order he gets a warning about stupidity. He also would have his name posted on a Fools Hall of (Sh)Fame website. Employers could check what employees tried to buy fake degrees. Businesses could check which customers tried to buy fake ID. Guys could check on which buddy tried to buy Vi4gr4 or p3n15 enlargement products.
After enough people had been humiliated in this fashion, perhaps the message would get out. Do not respond to unsolicited e-mail offers. It is a loser’s game.
I've already bought some. Found a good deal in some spam.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.