Maybe We Should Just Trash All Authenticated Email

Reader Comments

(Flattened / Threaded)

Oct 19th, 2005 @ 10:38pm

• This is only a problem if...

  by Jesse McNelis

  This is only a problem if people continue to send unauthicated emails.
  The email authication is quite important but just like SSL doesn't create trust it only allows for trust to be maintained.
  ie. if a spammer sends you an email you can verify that it came from the spammer, but this is no reason to trust the spammer.

  (reply to this comment) (link to this comment)

Oct 19th, 2005 @ 11:22pm

• You should know better

  by Nate

  Why does everyone think e-mail authentication is an anti-spam technique? It’s purpose is clear: to prevent forgeries, i.e. authenticate the sender.
  
  There is some overlap between that and the spam world, but not much. I think a lot of big companies want to use it to ensure that nobody abuses their domain name and/or trademark.

  (reply to this comment) (link to this comment)

Oct 19th, 2005 @ 11:56pm

• Re: You should know better

  by Mike (profile)

  That's re-writing history. The companies behind sender authentication have been pitching it as an anti-spam technique from the very beginning. And, while it's clear that it's NOT an anti-spam technique, the reason we're pointing it out is because it was sold as one.

  (reply to this comment) (link to this comment)

Oct 20th, 2005 @ 3:02am

• Re: You should know better

  by Tim

  Let Bayes and SA sort it out as a rule. Do the naive-Bayes twist on it: analyze what proportion of authenticated mails are ham or spam in a suitably huge corpus, and then deal with reality. :)

  (reply to this comment) (link to this comment)

Oct 20th, 2005 @ 10:25am

• Re: You should know better

  by Dana Nowell

  Actualy it IS one if implemented with certain simple additions. Specifically, if I KNOW the email came from address X (authenticated) and I know that address sends SPAM, I can blacklist that address in my mail agent. Sendmail, postfix, and most others have the concept of an access list. Add that domain to the access list with a 'deny', problem solved.
  
  

  (reply to this comment) (link to this comment)

Oct 20th, 2005 @ 12:53pm

• Re: You should know better

  by Anonymous Coward

  'problem solved'
  spammers churn throught servers by the thousands - constantly buying new blocks of IPs and domain names. the black list will ALWAYS be behind the curve, it is impossible to catch up. you will ALWAYS receive spam.
  sender authentication is a complete waste of time and resources and only:
  1) helps the spammers
  2) prevents more legit mail from being delivered (stupid aol)
  
  not a difficult concept!

  (reply to this comment) (link to this comment)

Oct 20th, 2005 @ 2:51am

• Re: You should know better

  by Jesse McNelis

  It works fine as an anti-spam system.
  Set your mail server to only accept authicated emails, then block emails that come from domains owned by spammers.
  Although, SenderID's little computational puzzles are a much better idea for preventing spam.
  

  (reply to this comment) (link to this comment)

Oct 20th, 2005 @ 8:11am

• Re: You should know better

  by Anonymous Coward

  Ok, I'll just set my server to only accept authenticated emails - then i'll start missing over half of all legit mail that comes to me.
  
  oh, ok, then i'll block all email from servers owned by spammers - because that's not a huge moving target or anything.
  
  the problem won't get fixed. use a junk mail filter and get on with your lives.

  (reply to this comment) (link to this comment)

Oct 20th, 2005 @ 3:50am

• Re: You should know better

  by Pete Austin

  Ditto Nate's comment. The main value of authentication systems such as SPF is against fake emails (Joe Jobs and Phishing) and email virusses.
  
  Their main anti-spam impact could be indirect, because they will make it more difficult to recruit botnets which are apparantly the source of most spam.

  (reply to this comment) (link to this comment)

Add Your Comment