On Tue, 6 May 2003, Barry Shein wrote:
Header forging is one method spammers use to hide their identity, but
they don't care a lot whose header they use. Sure, to some extent
these psychopaths tend to be drawn towards sticking xyz(_at_)bighost(_dot_)com
because why not?
But if that were made even slightly difficult they'd just use
xyz(_at_)anyhost(_dot_)com(_dot_)
Barry,
Ask yourself: Why are spammers drawn to bighost.com addresses?
It's because these sources carry an implicit trust, which becomes explicit
when spamassassin starts evaluating whether the message is spam or ham.
If we can prevent spammers from using respected names, then we've pushed
them toward unknown names (or more precisely, names from which the recipient
does not normally receive ham) which carry a lower default credibility; a
message will have to look substantially more spam-like to be rejected if it
comes legitimately (according to RMX records) from bighost.com.
On the other hand, the spam threshold will be a lot higher for forged
messages that claim to come from bighost.com but in fact do not.
I'm also wondering why this is better than signing envelope info with
something like PGP? Wouldn't the latter remove the need for the
real-time backtalk?
I love PGP; the reason it hasn't seen widespread deployment is that it's a
heavyweight solution. I believe that RMX is just lightweight enough to
actually happen.
Mike
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg