Re: spoofing email addresses

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Wed, 26 May 2004 15:00:00 MDT, Vernon Schryver <vjs@xxxxxxxxxxxxxxxxxxxx>  said:
> I don't see any of those proposals and their competitors as sane.

Oh, I wasn't addressing whether the proposals were workable, merely listing
proposals motivated by the fact that verifying the legitimacy of a sending
machine is difficult.

As you correctly note below, the proposals aren't even a workable solution to
the real problem (I've yet to see a proposal that works if the spammers start
utilizing zombie machines that snarf the already-stored credentials of the user
to send mail)....

> Some of them, such as SPF, do not even meet their own design goals
> as stated informally by their advocates.  Others such as domain-keys
> do not seem to do anything that is not already done by SMTP-TLS, despite
> the goals in the I-D that seem to be closer to S/MIME.  None of them
> have much to do with spam, but only with a currently popular mode of
> attack used by spammers.  None have any hope of affecting even that
> particular attack mode for years, because none can have any significant
> effect until deployed on most SMTP clients.  Many seem to be based on
> insufficient familiarity with the nature of SMTP (e.g. SPF's incredible
> source-routing scheme) and the urge to Do Something Now regardless of
> actual results.

Do you realize how *difficult* it is to create a workable anti-spam scheme that
doesn't run afoul of at least one line item of your "you-might-be" checklist? :)
(Thanks for writing it, BTW - I've decided it's the canonical answer to the
question "Why is stopping spam so hard?")

Attachment: pgp00442.pgp
Description: PGP signature

_______________________________________________

Ietf@xxxxxxxx
https://www1.ietf.org/mailman/listinfo/ietf

[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Fedora Users]