RE: [Asrg] Lets Fix Mailing Lists

2003-03-08 22:31:23
You can't whitelist on the sender address domain unless you have 
authentication.

If you can trust that everything claiming to come from cisco.com or 
microsoft.com really is from there you can whitelist the zone.

I could draw up a whitelist of 95% of the zones that legit mail is 
likely to be sent from.

But if the spam senders can forge headers then they are soon gonna
be worthless.

And yes over 50% of my spams (ones I have received that is) have 
forged headers.

        Phill

-----Original Message-----
From: Vernon Schryver [mailto:vjs(_at_)calcite(_dot_)rhyolite(_dot_)com]
Sent: Saturday, March 08, 2003 10:59 PM
To: Asrg(_at_)ietf(_dot_)org
Subject: Re: [Asrg] Lets Fix Mailing Lists


From: "Chris Lewis" <clewis(_at_)nortelnetworks(_dot_)com>

If you believe as I do that the reason genuine mail forgery (as opposed
to using a legitimately owned Hotmail dropbox) fell off dramatically
a year or three ago is related to the laws criminalizing header forgery,
then you don't need any crypto.

We still get a heck of a lot of spam that claims to be from our own
servers and/or users.  Thousands of spam blowback (spam forged in our
domains bouncing back) too.

Again, for the umpteenth time, of course there is some header forgery,
but is it as much as most people claim?  I don't think so.  My guess
is that perhaps 10% of what most people claim is "forged" spam really
is.  10% of all of the spam in the world implies a "heck of a lot" of
blowback and other noise.  Do you have any evidence that your heck of
a lot of forged spam is the majority or even a large fraction of spam?

My jihad in this area is to get people to stop using "forged" to mean
"sender domain differs from SMTP client reverse DNS".  That sloppy
language thinking is like using "double plus super duper opt-in" for
"(confirmed) opt-in."  People use both sorts of language to mislead
and to try to justify positions that have no honest justification.


Vernon Schryver    vjs(_at_)rhyolite(_dot_)com
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
