ietf-mailsig
[Top] [All Lists]

RE: Good enough?

2005-01-05 16:11:59


From: fanf2(_at_)hermes(_dot_)cam(_dot_)ac(_dot_)uk 
[mailto:fanf2(_at_)hermes(_dot_)cam(_dot_)ac(_dot_)uk] 
On Behalf Of Tony Finch

So would you say that this effort shouldn't aim to 
automatically eliminate spam and phishing, but instead make 
it easier for users to manually identify the < 10% of email 
that is legitimate?

For better or worse the email authentication means of solving the spam
problem is owned by SPF/Sender-ID framework for the next couple of years. I
beleive that in time signatures will superceed the IP based authentication
approach but that will take some time.

The critical pain point that must be addressed near term is impersonation
spam phishing. I am well aware that there are other forms of phishing,
botnets are a problem and that signatures will not solve these problems or
global hunger. But the fact is that if we had fixed email from the start the
impersonation tactic would be blocked. This is one of the holes that we have
to close as one part of a comprehensive Internet security infrastructure and
signatures with third party accredited logos are the way to do that.

I want every legitimate message that comes from a trusted, trustworthy
source to play a role in educating the end user to expect authentication. 

                Phill



<Prev in Thread] Current Thread [Next in Thread>