SMTP authentication for broadband providers

Right now SMTP AUTH is a bit more useful because the mailer can directly
identify the compromised subscriber. But I expect this to also be
short-lived. Eventually the compromised computers will start passing
authentication information.

SMTP AUTH and 587 might not be silver bullets but they can
shift the action into an arena where we can use bigger
clubs to beat the spammers. Right now, if someone sends
SPAM they are not breaking the law. However, if someone
compromises another person's computer, steals their authentication
credentials, transfers those credentials to another compromised
computer and then sends SPAM, they are clearly breaking the law.

They are also doing something that banks, credit card
companies and law enforcement agencies are very interested
in tracking down, namely the theft and transfer of
authentication credentials. And if we get to the point where
people can rightly claim that 94.7% of SPAM is the direct
result of security flaws in Microsoft operating systems, then
there is another big club in the form of the FTC and class
action suits that can be applied to the problem.

--Michael Dillon