On Thu, Jun 30, 2016 at 7:54 PM, Joel Rees <joel.rees@xxxxxxxxx> wrote: > To keep this off-list as much as possible, the rant is here: > > http://reiisi.blogspot.com/2016/07/to-gil-tim-fedora-et-al.html > > (The blame lies elsewhere. I wish I had the network and social cred to > get a real movement started, away from the current faceless CA system > and towards a different identity assurance system that depends on > actual, existing day-to-day trust relationships.) Notes from an old, very experienced spam hunter here. (I was part of the group that went after Canter & Siegel, the first Usenet spammers and one of the first email spammers.) Most of the difficulty is with the use of SPF, and the unwillingness of third-party forwarders to profide "SRS", See http://www.openspf.org/SRS for an explanation of the problem with email servers that forward email, without rewriting the "MAIL FROM:" address so that the forwarding server gets bounce messages, not some innocent third party whose address was forged by a spammer. The problem is not going away: companies or large mail servers that fail to publish SPF records can be flooded by bounce messages for spam they never sent or allowed to be sent, and can wind up blacklisted because of forged spam from the relevant domain. And it's been a very helpful filter for Gmail and many other services: Anger won't solve the problem. Providing robust SRS and encouraging its use by domains that forward email, can deal with most of the current problems. -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://lists.fedoraproject.org/admin/lists/devel@xxxxxxxxxxxxxxxxxxxxxxx
