
Brian Carpenter writes:
This wouldn't be a problem if they just applied a filter to that person's e-mail address but to block an server's IP from sending any e-mail to all their users? <shudders>
Hold that shudder ...
and none of the major e-mail providers are willing to come up with a system that doesn't target the middle man.
That's because an *effective* system *must* target the middleman. (Well, it could target *their* customers. Not likely, right?) It's not possible to target the ultimate source (without widespread use of strong authentification by the good guys -- but both you and Mark have objected to plausible implementations of that in this thread); that's like trying to target the Milky Way galaxy with a spitball.
Just read the FAQ for this list. You will find Brad Knowles (a recognized expert on the subject) advising over and over again that to keep spam out of your users' mailboxes, you need to stop it before it reaches your server. And the only way to do that (that you can implement in your own servers) is to refuse suspicious mail.
Full circle.
Granted, Brad himself often criticizes the implementation at AOL, Yahoo, et al. But the underlying strategy is the same. "Stop spam as far upstream as you can."
Wait till you get Yahoo's response asking you to add every single domain name you want a report on, to a text file along with its domainkeys. For a hosting company that hosts thousands of domains, such a request is ridiculous.
... do you still have that shudder? Here comes the punchline! ...
AOL does it by the IP address not by domain.
You can't have it both ways. If AOL's database is organized by IP, when you get filtered, you will get filtered by IP. If you want Yahoo to distinguish your "diligent" (and/or "lucky") domains from the less so, you're going to have to give them domain keys so the good ones can't be spoofed by the bad ones (or worse, by the bad guys themselves).
You don't have to like it; I don't like it at all. But it's not very useful to propose that the 600-lb gorillas "stop targeting the middlemen," nor to complain about gorillas that ask for authentication of every domain that wants to clear its reputation with the simians' systems. Not until we can provide an alternative that looks like it might work.
I for one don't have one.