FWIW, I still think these sort of approaches might have some utility
with authentication but will have little to no effect on spam so I
wonder why they get so much attention on this list.
As far as I can tell spammers have now become domain registries and
just generate random-appearing, generated domains like www.fxbrezd.com
(or, more often, .info or .somecountryyoudon'twanttoknowmoreabout.)
For example, these whacko domains usually have functioning MX's.
Which means they can just as easily set up SPF or Domain Key or
similar services for those randomly generated domains.
Also, much spam from hijacked PCs seems to use the hijacked
PC's host, as in
wasteofoxygen(_at_)dyn-83-155-31-99(_dot_)ppp(_dot_)tiscali(_dot_)fr
That sort of thing will get around these SPF/YDK approaches, right?
And of course there's the whole problem of the envelope vs the header
since these generally check the envelope but the user generally sees
the header so can be spoofed anyhow. I realize this generally prompts
a response about how there's some effort, somewhere, to extend all
this into the header which is passed off as an answer but it quickly
starts to sound like "oh we'll invent that too!" back-patching on an
apparently weak idea.
Again, I don't know for a fact that this is completely useless
technology (like proof-of-work which is useless technology), but I
think it's only potentially useful against certain types of scams,
domain forgeries with malicious intent, in a very weak way, and as
such really has little to nothing to do with spam per se except
inasmuch as we can rationalize that ``anything which comes via email
and might harm or annoy me'' is hereby spam.=
--
-Barry Shein
Software Tool & Die | bzs(_at_)TheWorld(_dot_)com |
http://www.TheWorld.com
Purveyors to the Trade | Voice: 617-739-0202 | Login: 617-739-WRLD
The World | Public Access Internet | Since 1989 *oo*
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg