Andy Bakun wrote:
Unfortunately, I don't think there is a clue bat big
enough to get people to not think "the problem has
been solved! yippe!" once SPF/CID or whatever starts
getting Big Marketing behind it.
I totally agree, however I will point out two things:
1. We need Big Marketing behind it. There is a part of me that does not
like it, because I'm an engineer and these guys do not know the
difference between small embellishment and flat out lies and
undeliverable promises. Nevertheless, we have to deal with the fact that
it is the way Big Marketing works and that we need it.
We need everyone on board. Some people don't think they need to be in.
Marketing is what creates the need in their minds. We need to set
reasonable expectations, but we also need to keep our eyes on the ball,
and the ball is called deployment.
2. I don't remember who was talking yesterday at the BoF about the
dangers of self-fulfilling prophecies, but these dangers are very real.
If we begin to think that what we are doing is useless because there
will always be phishing and because the spammers have historically ran
around the obstacles we put in their way, we have lost the war already.
Nigerian scam existed before email, 20 years ago it was on fax machines.
Phishing existed before email, it was done over the phone before. We did
not create the problem, and we can't produce miracles on-demand. The
point is _not_ whether or not we're going to entirely solve the phishing
problem: we know we won't. The point is: are we going to make it better,
and the answer is yes.
Michel.