On Wed, 26 May 2004 15:00:00 MDT, Vernon Schryver <vjs@xxxxxxxxxxxxxxxxxxxx> said: > I don't see any of those proposals and their competitors as sane. Oh, I wasn't addressing whether the proposals were workable, merely listing proposals motivated by the fact that verifying the legitimacy of a sending machine is difficult. As you correctly note below, the proposals aren't even a workable solution to the real problem (I've yet to see a proposal that works if the spammers start utilizing zombie machines that snarf the already-stored credentials of the user to send mail).... > Some of them, such as SPF, do not even meet their own design goals > as stated informally by their advocates. Others such as domain-keys > do not seem to do anything that is not already done by SMTP-TLS, despite > the goals in the I-D that seem to be closer to S/MIME. None of them > have much to do with spam, but only with a currently popular mode of > attack used by spammers. None have any hope of affecting even that > particular attack mode for years, because none can have any significant > effect until deployed on most SMTP clients. Many seem to be based on > insufficient familiarity with the nature of SMTP (e.g. SPF's incredible > source-routing scheme) and the urge to Do Something Now regardless of > actual results. Do you realize how *difficult* it is to create a workable anti-spam scheme that doesn't run afoul of at least one line item of your "you-might-be" checklist? :) (Thanks for writing it, BTW - I've decided it's the canonical answer to the question "Why is stopping spam so hard?")
Attachment:
pgp00442.pgp
Description: PGP signature
_______________________________________________ Ietf@xxxxxxxx https://www1.ietf.org/mailman/listinfo/ietf