Yes, although at least when we're dealing with (let's agree that we're
talking
mostly about POP3 here) E-mail, we can easily enough filter the message
before
the MUA gets it to block certain forms of potentially malicious (or at
least
"very dubious") HTML content, and we can do that with the knowledge of who
(at
least we believe that) the E-mail in question is coming from. That makes
the
problem easier than handling the same things when they are coming into a
Web
browser, which probably doesn't give us a good intercept point and in any
case
doesn't provide any standardized way for us to determine who sent the
E-mail (or
whatever) that's on the Web page being viewed.
As I've said, Web-based stuff is a different (and harder) problem that
we'll
have to deal with eventually, but at the moment that's mostly just a
diversion
and distraction from what we need to deal with HERE.
Filters can also be used prior to sending mail to web user.
The idea is to send mail with
authentication and if a secured webmail does that one should prefer that
rather than banging their head against the wall just because we need
SMTP/POP to do the job which is done better by some other thing.
Authentication proves NOTHING regarding legitimacy because a zombie
spambot can
trivially send what it sends using the authentication belonging to the
hijacked
system.
A zombie can send mail through SMTP not through HTTPS as of now
I'm talking about sending mail through secured webaccess after authentication
Authentication is also at least VERY problematical in cases like airport
or
cruise ship Internet access terminals/kiosks, where people need to use
their OWN
E-mail addresses but have absolutely **NO** control over which SMTP E-mail
server will be used by the kiosk software.
What is the %age of ppl using internet on cruise as compared to ppl using
internet on land at the same time. I dont know why you keep pushing the
idea of ppl on cruises.
We should remember that our goal is to stop spam by whatever means
possible,
protocol is just a medium.
Authentication does **NOTHING** to "stopping spam". It only adds a few,
relatively minor, restrictions on the technologies that spammers (and
worms and
viruses) use.
Again I was not only talking about Authentication. Atleast it stops forgery.
which still helps fighting spam in a way.
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg