[List owners: I have a feeling my mails from my secondary address -
msergeant(_at_)startechgroup(_dot_)co(_dot_)uk are stuck in a moderation queue
somewhere]
On Mon, 26 Apr 2004, Hallam-Baker, Phillip wrote:
This is the key.
WE ARE AUTHENTICATING THE GOOD EMAIL.
Then I don't see the point, as you define good email as that with a
Caller-ID record. Surely S/MIME or even server to server TLS
would do that better?
It would do the job 'better' in the same sense that a fully armoured
tank would do the job of getting to work safely 'better'.
OK, so we've established that:
1) Caller-ID authenticates "GOOD EMAIL". Effectively a whitelisting
technique.
2) Caller-ID is better at this than S/MIME or TLS because it's easier to
set up and administer.
This is useful to know your positioning on Caller-ID. Let me know if the
above is way off base.
From a security perspective, anything doing whitelisting through our
servers had better either be something set up by me (i.e. my own list of
known good sending IPs) or something cryptographically strong.
Anything where a spammer can set up their own domain, add DNS records, and
freely pass through our system just isn't going to fly.
The SpamAssassin developers (of which I used to be one, may go back some
day) got rid of all "white" rules in SpamAssassin a while ago, because
spammers (ab)use them to get through.
So I conclude that for our servers any MARID system *cannot* be a
whitelisting system, because they are just far too open for abuse.