ietf-mxcomp

Re: Can you ever reject mail based on RFC2821 MAIL FROM?

2004-04-27 07:52:56

On 27 Apr 2004, at 14:51, Hallam-Baker, Phillip wrote:

Anything where a spammer can setup their own domain, add dns records, and
freely pass through our system just isn't going to fly.

I agree with this, but disagree with your conclusion.

The spamassassin developers (of which I used to be one, may go back some
day) got rid of all "white" rules in SpamAssassin a while ago, because
spammers (ab)use them to get through.

So I conclude that for our servers any MARID system *cannot* be a
whitelisting system, because they are just far too open for abuse.

MARID is an authentication system (title mistake aside).

Access Control = Authentication + Authorization.

Right. There's no authorization mechanism available yet for Caller-ID, which is what I meant when I said I didn't see the value.

The mistake that was made in the SpamAssassin case was to use
authorization without any authentication to anchor it to a particular
identity.

I didn't mean the whitelist_from rules (which whitelisted based on the From address alone) - I meant all of the negative scoring rules. It became a meta rule if you're writing a heuristic spam filter: "never have non-spam rules".

It is just as big a mistake to blindly whitelist domains that have
SPF records.

SPF is clearly designed with different aims in mind. It's a rejection mechanism not an acceptance mechanism.

Accreditation is out of scope here, but MARID is a component of a
spam solution not a complete solution in itself.

Today       MARID + Spam filter   = improved spam situation
Future      MARID + Accreditation = The end of spam

My question then, if the MARID you propose is a whitelisting mechanism, is what is the difference between "Spam filter" and "MARID + Spam filter"?

Harry talks about barriers to acceptance with SPF (breaking forwarding), but if the *value* of accepting Caller-ID is effectively a "short" (a gamble on a potential future gain), I can't help but feel this is a larger barrier.

Matt.

