ietf-asrg

Re: [Asrg] Horses

2009-06-23 07:42:34


--On 22 June 2009 13:04:29 -0500 Gordon Peterson 
<gep2(_at_)terabites(_dot_)com> wrote:


> > Yes, that's why we've been working on mail authentication a la DKIM for
>
> The point being that Aunt Martha's machine can be compromised, such that
> even with her own IP, her habitual outgoing mail server, and her valid
> credentials, it might still be shipping spam.  It's not enough that it
> LOOKS like (or even IS) coming from her...

If Aunt Martha's spamming me, then I'll know it from the content. I can then help her fix the problem, provided the authentication tells me that her credentials have been used. Otherwise, I'll just put it down to spoofing.

If I don't know Aunt Martha, I'll still want to alert her or her ISP that she's spamming. I don't care who the owner of the botnet is, it's Aunt Martha that can fix her machine.

> just as it's not enough to see
> that mail has your friend's return E-mail address if it's actually
> Grouply spam.  It's far better to see whether the incoming e-mail with
> Martha's return address has all the typical things that Aunt Martha's
> mail messages ACTUALLY HAVE (for example, does it use the 'stationery'
> that she maybe 'always' uses?)  Again, this is analogous to what humans
> actually do when considering a suspect incoming e-mail message... does it
> look the way you'd expect mail FROM THAT SENDER to actually look?  What
> yellow or red flags is it flying?  This requires looking at the content,
> too.




--
Ian Eiloart
IT Services, University of Sussex
01273-873148 x3148
For new support requests, see http://www.sussex.ac.uk/its/help/
_______________________________________________
Asrg mailing list
Asrg(_at_)irtf(_dot_)org
http://www.irtf.org/mailman/listinfo/asrg
