From: "Chris Lewis" <clewis(_at_)nortelnetworks(_dot_)com>
If you believe as I do that the reason genuine mail forgery (as opposed
to using a legitimately owned Hotmail dropbox) fell off dramatically
a year or three ago is related to the laws criminalizing header forger,
then you don't need any crypto.
We still get a heck of a lot of spam that claims to be from our own
servers and/or users. Thousands of spam blowback (spam forged in our
domains bouncing back) too.
Again, for the umpteenth time, of course there is some header forgery,
but is it as much as most people claime? I don't think so. My guess
is that perhaps 10% of what most people claim is "forged" spam really
is. 10% of all of the spam in the world implies a "heck of a lot of
blowback and other noise. Do you have any evidence that your heck of
a lot of forged spam is the majority or even a large fraction of spam?
My jihad in this area is to get people to stop using "forged" to mean
"sender domain differs from SMTP client reverse DNS". That sloppy
language thinking is like using "douple plus super duper opt-in" for
"(confirmed) opt-in." People use both sorts of language to mislead
and to try to justify positions that have no honest justification.
Vernon Schryver vjs(_at_)rhyolite(_dot_)com
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg