On Wed, 26 May 2004 15:00:00 MDT, Vernon Schryver
<vjs(_at_)calcite(_dot_)rhyolite(_dot_)com> said:
I don't see any of those proposals and their competitors as sane.
Oh, I wasn't addressing whether the proposals were workable, merely listing
proposals motivated by the fact that verifying the legitimacy of a sending
machine is difficult.
As you correctly note below, the proposals aren't even a workable solution to
the real problem (I've yet to see a proposal that works if the spammers start
utilizing zombie machines that snarf the already-stored credentials of the user
to send mail)....
Some of them, such as SPF, do not even meet their own design goals
as stated informally by their advocates. Others such as domain-keys
do not seem to do anything that is not already done by SMTP-TLS, despite
the goals in the I-D that seem to be closer to S/MIME. None of them
have much to do with spam, but only with a currently popular mode of
attack used by spammers. None have any hope of affecting even that
particular attack mode for years, because none can have any significant
effect until deployed on most SMTP clients. Many seem to be based on
insufficient familiarity with the nature of SMTP (e.g. SPF's incredible
source-routing scheme) and the urge to Do Something Now regardless of
actual results.
Do you realize how *difficult* it is to create a workable anti-spam scheme that
doesn't run afoul of at least one line item of your "you-might-be" checklist? :)
(Thanks for writing it, BTW - I've decided it's the canonical answer to the
question "Why is stopping spam so hard?")
pgpxIr8lZh0Ne.pgp
Description: PGP signature
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/ietf