"Hallam-Baker, Phillip" commented:
Even if we end up with spammers using disposable domains it will
mean a major switching cost for every message variant. In effect
the use of hash busters will be completely negated.
Saying that Sender ID will not work because of the throaway domain
problem is like saying that it is pointless putting locks on your
doors because a burglar can break a window.
I don't think anyone is listing this as a weakness of Sender-ID - certainly
no-one on this thread.
All anti-forgery schemes which force the bad guys to have to make themselves
visible are ultimately helpful.
We seem to have a violent agreement for once!
In the real world breaking
windows creates noise and leads to burglars being caught.
-----Original Message-----
From: owner-ietf-mxcomp(_at_)mail(_dot_)imc(_dot_)org
[mailto:owner-ietf-mxcomp(_at_)mail(_dot_)imc(_dot_)org]On Behalf Of Anne
P. Mitchell,
Esq.
Sent: Friday, September 03, 2004 4:55 PM
To: IETF MARID WG
Subject: RE: DEPLOY: Sender-ID provides little or no defence against
adaptive threats
Anne P. Mitchell wrote:
cf. CipherTrust's study released this week in which >50% of the
sources
for all email surveyed which published SPF records were spammers.
http://www.infoworld.com/article/04/08/31/HNspammerstudy_1.html
Just so there is no confusion... this is good news for SPF, not bad
news.
Absolutely, completely agreed! I should have elaborated. As I have
said in various public posts (elsewhere), if spammers want to tie
themselves to their sites by authentication, that's a *good*
thing. My
points are that a) spammers will adopt whatever is out there, and in
this instance b) spammers are stupid - by adopting what they
*think* is
an anti-spam protocol to help get their spam through, they
are actually
raising their hands and saying "here I am!"
Anne
Chris