On Fri, Oct 24, 2003 at 04:32:15PM -0400, Yakov Shafranovich wrote:
|
| CNET News.com has posted a news article about the reconciliation effort
| of different RMX protocols:
|
| http://news.com.com/2100-1038_3-5096820.html
|
The idea behind the related schemes is to change the Domain Name System
database so that e-mail servers can publish what IP addresses are
associated with them. Internet service providers receiving e-mail can
instantaneously verify whether an e-mail originates where it says it
does.
The system, if successful, would protect e-mail server and individual
address owners from having their addresses falsely suspected of sending
spam.
Some efforts to attack the problem, such as the Trusted E-mail Open
Standard, have already launched. But so far, they have failed to gain
widespread adoption.
The problem of e-mail address spoofing is a fundamental obstacle to
curbing spam, say ISPs and antispam companies. Spammers typically cover
their tracks by hacking into unprotected e-mail servers, or open relays;
by hijacking other e-mail servers; and by falsifying names and e-mail
addresses in the e-mail sender field.
ASRG members sounded an optimistic note about the new unification
subcommittee and the prospect of solving the spam problem with
protocols, rather than legal curbs or economic disincentives that would
force people to pay to send e-mail on a per-message basis.
"We can solve spam with a technical solution, rather than by going
through the Congress or by implementing micropayments," said Meng Wong,
founder and chief technology officer of Philadephia-based e-mail service
provider Pobox.com, a backer of SPF and a member of the ASRG
subcommittee. "We're all trying to come together on this. Because I
think SPF offers a superset of functionality, we're probably going to
wind up with something very similar to it by the end of the process."
Earlier this year, Pobox.com estimated that more than 70 percent of the
e-mail it processed was spam.
Wong said sender verification systems would have to work in conjunction
with some type of reputation system that would help recipients recognize
known spammers' domains.
"Once you have reputation systems that work on the basis of domains,
which spammers cannot forge, then no matter how many machines you hack
into, you still have to use the spammer's domain," Wong said. "And
that's how we'll get you."
-------
Sender Permitted From: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
Latest draft at http://spf.pobox.com/draft-mengwong-spf-02.txt
To unsubscribe, change your address, or temporarily deactivate your
subscription,
please go to
http://v2.listbox.com/member/?listname(_at_)©#�«Mo\¯HÝÜîU;±¤Ö¤Íµø�?¡