I agree. RMX would merely allow for me to protect my domain from
getting spoofed. By no means is it an anti-spam method.
RMX and SPF do not prevent all spam but they do have the potential to
eliminate impersonation spam (aka Joe Jobbing). This type of spam is
particularly serious because it has been used in a series of very successful
identity theft schemes. These include the persistent 'update your
ebay/amazon/paypal account solicitations and recently a series of emails
impersonating several banks.
Impersonation spam creates considerable inconvenience and cost for the
impersonation victim. In addition to the cost of fielding complaints about
the spam the victim's reputation is damaged. In many cases the impersonator
may steal business from the victim (anti-virus software spam, domain name
registration spam). It is not unusual for a spam to be correct in every
detail except for the telephone number to contact to give payment.
Certainly it is possible and useful to go further than IP address/Domain
Name verification of the type supported in RMX/SPF. But this does invalidate
RMX/SPF infrastructure as a first step. Nor is it tenable to claim that
RMX/SPF are insufficient and then claim that certificate based schemes are
unnecessary.
Phill
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg