From: "Hallam-Baker, Phillip" <pbaker(_at_)verisign(_dot_)com>
... The spam senders are shy
types who have shown marked reluctance to disclose their identity ...
Once again, for the umpteenth time, that is clearly false for almost
all spam. Almost all spam is some sort of advertising. In very few
cases does it makes sense to advertise via mail to strangers products
or services without providing an identity of some sort. That is why
almost all spam contains a URL, SMTP mail address, telephone number, or
post address at which a party responsible for the spam can be contacted.
The only shyness that almost all spam senders might have about their
identities involves their SMTP envelope or header From values. That
spammers really are shy about those values is an article of faith not
supported by evidence.
I think there is clear and convincing evidence that most spam carries
From values that are owned by the spam sender and that would be properly
authenticated by any authentication protocol usable by free mail providers
and sloppy ISPs during at least the start of a spew of spam.
Free mail providers and sloppy ISPs would need to arrange authentication
without significantly more effort by users than is now required to
obtain a throw-away account.
All of this is why SMTP-TLS, SMTP-AUTH, SUBMIT, S/MIME, and PGP provide
authentication of about all of the flavors you might like, but have
had no effect on spam.
Vernon Schryver vjs(_at_)rhyolite(_dot_)com
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg