At 6:00 PM +0000 3/6/03, Tom Thomson wrote:
No, it isn't the situation we have now. It's closer to the situation we had
a while back, but the spammers have got a lot cleverer since. Injecting a
few "Received-From:" headers at source, complete with IP addresses and
domain name that corresponded to that IP at the time the message was
delivered to that MTA, means that when the message is delivered there is no
I agree that signed Received headers would make life easier, but I
think there are other signed things we could better focus on.
However I have yet to see a set of injected Received: headers that
could not be programmatically determined to be fake. If you have any
such messages (seriously), I'd like to see them.
Received-From trail? That's what makes me favour blacklists once we have
reliable authentication of point of origin, but only when we have that
reliable authentication (and have a pile of complaints not dealt with).
As I think has been said on this list, and certainly elsewhere.
Blacklists are worth what you pay for them. And those that charge,
get sued.
I also seriously worry about what would happen if some country
decides not to uphold the standards we are proposing and gets
blacklisted. Does it become a diplomatic affair?
--
Kee Hinckley
http://www.puremessaging.com/ Junk-Free Email Filtering
http://commons.somewhere.com/buzz/ Writings on Technology and Society
I'm not sure which upsets me more: that people are so unwilling to accept
responsibility for their own actions, or that they are so eager to regulate
everyone else's.
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg