I fully agree that you cannot stop people from using disposable domains or
email addresses. But, if you can provide a migration path from an untrusted
network to a trusted network you can segregate the messages.
You can easily build system which leverage history on senders (and their
domains) to start making better decisions, but most systems are force into
the weak world of content analysis to make their decissions. In addtion you
can thwart many problems with web-proxy, sock-proxy style spam attacks
because they cannot generate validation information that matches the
transaction.
--koblas
From: "David Koblas" <koblas(_at_)mailfrontier(_dot_)com>
Spam at one level is a security problem, it's the allowance of
non-validated
sender to send messages impersonating other users.
Certainly a lot of spam does this, but it's not clear this is critical
to spam.
A fair number of spammers send from domains they probably own,
cheapmortgages.com and that kind of thing, so who's to say that's an
impersonation of any sort?
Others send from domains with fraudulent intent, but which likely
would slip by most proposed systems, such as xyz(_at_)yah00(_dot_)com (those
are
two zeros) or joe(_at_)aol-mailserver(_dot_)com (not real examples but
similar to
real examples, a common real example I see is
whatever(_at_)hotmial(_dot_)com).
--
-Barry Shein
Software Tool & Die | bzs(_at_)TheWorld(_dot_)com |
http://www.TheWorld.com
Purveyors to the Trade | Voice: 617-739-0202 | Login: 617-739-WRLD
The World | Public Access Internet | Since 1989 *oo*
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg