[LINK] a question about the spam act due to be enacted next month

[Adam Todd]

> > I have a question for consideration about this legislation's impact.
>
>I think this legislation will have little, if any, impact on spam and
>viruses (which is usually unintentional spam anyway).

No!?  Really?  I thin it's all going to vanish overnight, just like porn 
web sites and music piracy and telecommunications monopolies and 
censorship^H^H^H^H^H^H^H^H^H^H^H classification ...

> > I am currently and yet again, fending off the bounces to emails 
> purportedly sent by someone in my company, and since there are only 2 of 
> us using email addresses in my domain, I am 100% confident that this is a 
> case of spoofing.
>
>This has been happening for the past two years at least, so it is
>nothing new.

Oh go back to at least 1996!  But the problem continues to exist.  There 
are IDIOTS out there that think the headers are 100% legit and that the 
FROM address is REAL and hence YOU are the SPAMMER.

I get endless abuse for bouncing @ah.net mail because there are only FOUR 
active email addresses there.  People just don't believe me when I tell 
them that Adam and Suzanne are the ONLY email users of AH.NET, they insist 
their friend in Botswanna gave them the correct address.  Good thing I 
reply using nospam at ah.net :)  It just bounces :)

nomorespam at ah.net was another good one to ward off the spammers and slow 
them down!

> > I guess the headers to the original messages would tell the story of the
> > forgery, but am I going to spend countless hours having to explain this to
> > would  be law suiters after april 11?

>The headers will probably tell you little, except the address of an
>infected relay.

And certainly not enough for wouldbelawsuiters to actually realise they are 
prosecuting the wrong person.

But then, I have a track record of Government legal endeavors that are bogus.

I know many of you are public servants, so this isn't a view of you all, 
just those who seem to be more interested in protecting their jobs instead 
of seeing happy citizens.

BTW, I'm curious as to why Government Agencies do NOT have to pay filing 
and legal fees?  Isn't it about time this was made TRANSPARENT to the 
community.  How many bogus legal actions are taken by Police and Agencies 
that are defeated because of the Government's inability to actually be honest?

You know the Banks have been trying to have legislative rights to NOT pay 
fees as they are the crux of the economy and want to sue people too.

I reckon of the Government Agencies had to fork out filing fees frivolous 
claims would vanish really fast.  How many Joe Citizens do you know can 
afford to run the appeals process when they loose, all the way to the High 
Court?

I've got a case I've been following in Industrial relations.  The NSW 
Government has had judgements against it 14 times on this case in the last 
7 years and they CONTINUE to appeal it.  This time, let me quote it ...

"questions raised by the appeal are: 1. whether Her Honour was wrong in 
finding that no decision to cause the respondent to retire had been made by 
the appellant. 2. whether Her Honour's finding that tafe merely acted as if 
a decision to cause the respondent to retire was wrong.  3. whether Her 
Honour was wrong in finding that there was no valid or effective 
termination of the respondent's employment.

"...4) The Respondent has been awarded a substantial amount of money and if 
the decision is wrong she has been effectively unjustly enriched.  There is 
a strong public interest in the assets and resources of the State being 
properly applied..."

Honestly, it's cost the State more in invisible legal fees and witness fees 
and lost salary's and temporary teachers employed to replace teachers who 
are in the courts, than the actual"unjustly enriched" award.

But then the Government is a Rotweiler with a bloody and meaty bone.

>As for law suites, I wouldn't bother responding to them.  Once a few
>suite get thrown out because they cannot prove their case, then I don't
>think others will follow their lead.

You think?  I'd have thought the same in my own experiences, but they keep 
on trying.

I've got a case presently in my sights, an organisation is suing an 
associated body for "using their name in Yellow Pages advertising since 
1996."  What's funny is the applicant is claiming that calls to their 
business dropped in 1996 when the ad was placed.  Mind you the ad was NOT 
placed by the advertiser, it was placed by a Telstra "anonymous order."

The respondent hasn't had any calls from the ad anyway.  But that hasn't 
stopped the applicant demanding financial records to prove their have a 
right for losses.

What's really sad, is the Applicant is in fact a supplier of information to 
the Respondent and the Applicant also sells the Respondents product.  They 
both have the same exact community information goal and are suppose to 
share information.  The Applicant is a non-profit, the respondent is a 
corporation.  The Respondent contributes financially by subsidizing 
product, cost of seminars and freely advertises the applicant on their web 
site.

I guess "Non-Profit" isn't always such a reality.

Confused?

> > Is there a way to authenticate outgoing emails to stop this practice?

Sure.  Provided the OPEN RELAY that is not authenticating the RELAY itself 
is prepared to ... oh hang on, they only need to deny inbound mail that 
isn't from their own source origin!

> > Are there  other solutions which could be put in place?

TMDA is a great tool :)

>SPF [Sender Permitted From] <http://spf.pobox.com/> would probably help.

That's called RELAY controls and has been available since BEFORE SPAM was 
even a considered issue.

Gosh it wasn't even ten years ago we started to close down networks to 
avoid this kind of thing.  Ten years ago I had open systems all over the 
country that people could do what they wanted on.

>I have implemented it in my DNS; it's one line:
>IN  TXT  "v=spf1 a mx ptr ptr:lannet.com.au ptr:caterworld.com.au. -all"

Oh boy!  This is going to get messy!

>but as yet I haven't set up Sendmail to handle other sites that have SPF
>DNS records.  I need to upgrade my Sendmail to a version that handles
>milter.

>To be really effective it needs a wide implementation.

That's the problem.

To be really effective, wide implementation of RELAY denying SMTP servers 
need to be deployed and networks really should prohibit SMTP departing from 
their borders unless it's from their own servers.  That allows them to 
control spam quite effectively.