Can we discuss authentication approches that are actually being proposed
rather than straw men?
Whitelists in their own have limited value. Spam senders have shown that thy
will forge headers to bypass them. So een though I know hotmail has rate
limitting that makes it hard for people to spam through a whitelist to acept
all email with a hotmail from address would fail miserably.
Authentication on its own can have some effect. The spam senders are shy
types who have shown marked reluctance to disclose their identity. However
spam senders can get authentication redentials by setting up front
corporations.
So a combination of the aproaches is needed. Moreover you still need a way
of handling non authenticated mail which gets back to content filters.
-----Original Message-----
From: mathew
Sent: Tue Apr 01 15:36:14 2003
To: asrg(_at_)ietf(_dot_)org
Subject: Re: [Asrg] How to defeat spam that uses encryption?
On Tuesday, Apr 1, 2003, at 11:56 US/Eastern, Chuq Von Rospach wrote:
as a friend of mine who's a computer security expert keeps reminding
me, authentication is not authorization.
Correct, and furthermore identification is not the same as either
authentication or authorization.
This is why SSNs are such a problem. People try to use an
identification number for authentication and authorization.
mathew
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg