spf-discuss
[Top] [All Lists]

Re: The New SPF: overall outline - CAUTION GNU RE

2004-05-28 23:29:49
"Nico Kadel-Garcia" <nkadel(_at_)merl(_dot_)com> writes:

Expect a lively traffic in alt.2600 and other cracking groups in such
registered spam-for-free keys.

There is no key.

I do *not* agree that bonding this material is sufficient: the fraud
spammers simply will not care if they defraud some poor company who've
legitimately posted the bond and get their key stolen, or they will
pay underemployed geeks and perhaps even non-profits to purchase keys
for them. Given a general improvement in mail filtering from the use
of SPF and such validation keys, the spam-for-free keys will be even
more valuable.

The "key" in the case of Bonded Sender is the IP address (or with SPF,
the domain) of the sender.  If the IP or domain were hijacked somehow,
then it would simply be yanked from the Bonded Sender database, or their
reputation lowered, etc.

Buying bonds to send spam is not very economical since the bond would be
debited very quickly and the sender pulled from the database.

Daniel

-- 
Daniel Quinlan
http://www.pathname.com/~quinlan/