spf-discuss
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: ITU "spam" summit concludes in Geneva

2004-07-12 12:06:07
from [John Glube] [Permanent Link] 
From: Meng Weng Wong
Sent: July 12, 2004 12:14 PM
Subject: [spf-discuss] ITU "spam" summit concludes in Geneva

On the subject of standards, John Levine produced
a paper titled:

"Technical Approaches to Spam and Standards
Activities (ITU WSIS Spam Conference)"

http://www.itu.int/osg/spu/spam/presentations/LEVINE_Session%203.
pdf

See in particular pages 24 - 26. 

Sender ID • Combines SPF (M. W. Wong et al.) and
Caller ID (Microsoft) • Validates message
sender’s address via originating IP address •
Technically straightforward • Debatable
effectiveness and “collateral damage” • Needs
reputation system

(Page 24)

Client SMTP validation • CSV developed by D.
Crocker, J. Leslie et al. • Validates sending
mail host • Debatable effectiveness, less
collateral damage than Sender ID • Also needs
reputation system

(Page 25)

Future work • Domain keys, TEOS, and other
message validation • Reputation and accreditation
systems

(Page 26)

This paper was presented for Session 3 by Mr.
Levine.

In his oral presentation, Mr. Levine indicates
how all the technical solutions fit together and
provides an overview of implementation.

http://www.itu.int/osg/spu/spam/meeting7-9-04/agenda.html

(You can listen to an audio of this session.)

As to point 18 of the Chairman's report:

"Although authentication systems are deemed to be
a critical part of the solution, their
implementation remains problematic, and the wide
adoption of a standard authentication method
seems far away. Furthermore, the cost of
technical solutions, the level of technical
support necessary and the need for continual
updating, present cost issues for developing
countries, their ISPs and their users."

I make three comments:

* The first sentence simply reflects an
underlying reality that sender authentication is
not the "silver bullet."

* The second sentence is a realistic reflection
of the developing world's concerns.

* In the US, based on the work being done by the
MARID working group, the call made by the FTC for
one standard, along with the policy paper by ASTA:

The large US industry trade organizations are now
urging member to publish an SPF record and
register their domain.

An example of this is a publication titled the
DMA/AIM e-mail authentication brief:

http://www.the-dma.org/cgi/dispnewsstand?article=2478

John Glube
Toronto, Canada

The FTC - One Standard for Sender Authentication
http://www.learnsteps4profit.com/dne.html

---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.718 / Virus Database: 474 - Release Date: 09/07/2004
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: "redirect" in an included SPF record, Frank Ellermann
Next by Date:  Re: Re: "redirect" in an included SPF record, Meng Weng Wong
Previous by Thread:  Re: ITU "spam" summit concludes in Geneva, Meng Weng Wong
Next by Thread:  Intuit, Waitman C Gobble II
Indexes:  [Date] [Thread] [Top] [All Lists]