This is what I posted to NZNOG a little while ago...

Was recently asked by a colleague about the current spam situation at a generic level - and more specifically 'what can be done about it'.

I proceeded to send him what could've almost be called a Tirade - Of exactly what'll need to happen before spam will be a thing of the past. Not sure i'll go there just yet...

In an unrelated tack, a recent discussion on NZLUG cited some problems an individual was having sending emails to Hotmail.com, as they were apparently requiring SPF records of domains sending them mail - and were deferring through to failure, inbound mail that didn't have it.

I checked - they're not. (I don't currently publish SPF, yet I can send to them fine.). But I threw some terms into Google and found a gem of a link - http://www.richi.co.uk.

http://richi.co.uk/blog/2005/06/yet-more-on-hotmails-move.html

Which References http://www.computerworld.com/blogs/node/440

http://richi.co.uk/blog/2005/06/hopefully-last-on-this-subject_24.html

http://richi.co.uk/blog/2005/05/why-challengeresponse-is-bad.html

I consider all of the above to be useful reads.
I also have to confess I do agree with much of the following - anyone looking to implement spam filtering needs to bear the below in mind...

http://www.nzherald.co.nz/index.cfm?c_id=5&ObjectID=10338111 includes:

The Government aims to free email inboxes from unwanted spam messages with the tabling in Parliament of a bill that would make it illegal to send them.

Internet users will complain in the first instance to their internet provider about spam email, and the Department of Internal Affairs will act as an internet watchdog if the matter is taken further.

Key points?

• This is NZ Legislation and only applys to Local spammers - about 10% of the source.
  
• Punishments are fines - not jail terms. Good or not?
  
• Internet users will complain to their internet provider about spam, with the DIA watching carefully.
  

Now.. having been the ISP rep responsible for spam reports more than a couple of times in the last 5 years - this is crap. Either the reporter has it wrong, or whoevers dealing with it is on the wrong end of the stick...

What theyre saying, is that if i'm a customer of ISP X and receive a spam message (that was sent by or via ISP Y) - that ISP X has to take my complaint.

Spam investigation rule 1 - the SOURCE provider is the only one that can identify who a spammer is.
Its their network. They can resolve an IP address assigned out of a dynamic pool that their customers share back to an individual internet access account, when this is put together with the time involved.

We've spent years educating people on the concept of whois, abuse@ - and theyre undoing all of this.
What it means is that Xtra - NZ's largest ISP with >500,000 customers - is going to have to have enough staff on hand to deal with abuse complaints from all its customers - as well as those that come in ABOUT its customers?