[CLUE-Tech] If you administer a mail server, you might find this useful.

[Angelo Bertolli]

> Actually I administer several mail servers and I think that a tool like
> popauth3 could be useful to fight UCE.  Perhaps you don't have a bunch
> of remote users who use hotel, dialup, wireless hotspot, or other
> Internet connections.  As you know mail servers have to restrict somehow
> mail they accept for relaying.
>
> If a mail server accept any old mail for relaying, then the spammers
> win.
>
> If you restrict the relaying to a few IP addresses, then the spammers
> can't use your mail server as a relay, but neither can your mobile
> users.
>
> If you have a tool like popauth, then the spammers still can't use
> the mail relay, but your mobile users can.  This is how it fights
> UCE.

In the end, I think as long as you keep the spam from getting to the 
end-user you can win against spammers.  But this is a really difficult 
thing mostly because the situation isn't the same for all servers (not 
everyone has the same type of users).  For example, with our users it's 
more important that they don't miss a valid important email, than it is 
that their spam is zero.  So spam gets through.  Being on the server-side 
of the equation, I also feel that it's "safer" (from a responsibility 
standpoint) to let the mail through and allow the end-user to filter it. 
But then, when I'm sure I can filter something I will.  For example, our 
users have no need or desire to send mails with attachments with .exe, 
.com, .cpl, .scr, etc. extensions, so it's perfectly OK for me to filter 
out all mails containing those extensions.

Angelo