Re: How Not To Filter Spam

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Tony,

>> first, there is an increasingly heated debate between folks who want
>> to sign the message (TEOS, DomainKeys), versus others who want to
>> secure the channel between sender and receiver (RMX, LMAP, SPF,
>> etc.).

TH> Is there an obvious reason not to do both?

Cost of effort. Distraction of scarce resources. Public damage from
unmet expectations. Etc., etc.


TH>  It is time to stop fighting
TH> over which is better and put both approaches out there.

Recently, I have become fond of the phrase "ready, fire, aim", because
so many people support your suggestion.

As you may have noticed, I consider timely response to urgent need a
very good thing, indeed. But there is a difference between wasting time
working on an ideal solution, to the detriment of an adequate one,
versus ignoring basic questions of efficacy and cost.


>>  Once that debate is resolved, there is still the matter of compromised
>>  system. The message might actually come from the purported author's
>>  system, but still not be from the author because it has been taken over
>>  by evil forces. So, even with perfect automated validation, the content
>>  still might not be valid.

TH> Compromised systems are a problem, but the scope of the bogus mail
TH> originators is limited to the users of the compromised system.

Yup. That's why accountability is inherently good. At least the ability
to track down the source is accurate, even if the "identity" of the
source might be at issue.



d/
--
 Dave Crocker <dcrocker-at-brandenburg-dot-com>
 Brandenburg InternetWorking <www.brandenburg.com>
 Sunnyvale, CA  USA <tel:+1.408.246.8253>



[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Fedora Users]