Rand Wacker wrote:
On Fri, 3 Sep 2004, Matt Sergeant wrote:
On 2 Sep 2004, at 23:06, Rand Wacker wrote:
As I said before, there is a large majority of mail that goes from
large commercial sites (or consumer ISPs) merely one hop to another
large commercial ISP, so the From: header will be successfully
authenticated.
You're talking about the positive evaluation proposition of Sender-ID -
that the From address is authenticated. Yet both Cyphertrust and
SpamAssassin's stats show that the spammers are more on top of this
than the legit mailers.
*NO*. I am talking about using authentication status as the basis for a
new set of checks such as whitelisting. I have been saying since the
beginning that spammers would authenticate their outbound mail in hipes
that someone would make the brain-dead assumption that "authenticated" ==
"wanted".
It can also serve as a basis for reputation and accreditation systems.
Remember that spam is multipronged, and this is another tool in the
toolbox. No one is talking about this as the final solution for spam.
Yakov