ietf-asrg
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Asrg] Community proposal alert...Vendor Proposes Open E-mail Standards To Fight Spam

2003-05-02 17:09:13
from [Barry Shein] [Permanent Link] 


The Trusted E-mail Open Standard proposed by ePrivacy Group could help
fight spam by adding verifiable sender identification and content
assertions to e-mail.

http://computerworld.com/newsletter/0,4902,80902,00.html?nlid=AM


Looks to me like a warmed over rehash of PGP signing maybe with some
SSL/TLS kind of stuff thrown in.

It mostly deals with knowing that "MAIL FROM:<xyz(_at_)bigco(_dot_)com>" or
similar is actually coming from someone at bigco.com because their
certificate (&c) can be checked in the SMTP conversation.

But this, to me, is a tiny part of the spam problem.

I agree that a fair amount of spam forges something like 
xyz(_at_)bigco(_dot_)com
so you're either more likely to read it or it passes through any
filter which might otherwise block another address or both.

But a ton of spam we block here really is from bigco.com, or more
specifically bigisp.com (e.g., DSL blocks from comcast.com seem to be
a huge source of pain lately, not to mention our friends across the
pacific) so it doesn't help with any of that.

And then there's the whole (legitimate) forwarding problem which is
probably better solved by PGP signing because no matter how much it
bounces about you can still verify the final message as having
originated from who it says it's from with a high degree of
confidence.

But for that an MUA could just mark whether the SMTP conversation was
with a server actually within bigco.com's netblock and accomplish much
of the same thing as this proposes.

And, even better, add some way to get bigco.com's list of outgoing
mail server's ip addresses and verify it came from one of those,
something similar to a reversed RBL or DNSRBL. That info is already
very reliable and in the Received headers.

So, apparently well-intentioned, but mostly redundant and orthogonal
to the actual problem it claims to have been designed for.

-- 
        -Barry Shein

Software Tool & Die    | bzs(_at_)TheWorld(_dot_)com           | 
http://www.TheWorld.com
Purveyors to the Trade | Voice: 617-739-0202        | Login: 617-739-WRLD
The World              | Public Access Internet     | Since 1989     *oo*
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Asrg] Changing mailing lists from push to pull, Barry Shein
Next by Date:  Re: [Asrg] Community proposal alert...Vendor Proposes Open E-mail Standards To Fight Spam, Vernon Schryver
Previous by Thread:  [Asrg] Community proposal alert...Vendor Proposes Open E-mail Standards To Fight Spam, Eric D. Williams
Next by Thread:  Re: [Asrg] Community proposal alert...Vendor Proposes Open E-mail Standards To Fight Spam, Vernon Schryver
Indexes:  [Date] [Thread] [Top] [All Lists]