-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Friday 23 July 2004 10:11 am, Paul Howarth wrote:
Daniel Taylor wrote:
Paul Howarth wrote:
| how does SPF stop a spammer using throwaway domains with SPF records
| allowing any zombie to send for the domain, where the domain was
| registered using false information and phished credit card details?
It doesn't directly, but the reputation systems it allows
would make it trivial to spot such an attempt.
"hey, this domain is only a week old and has +all? better check
it more closely..."
Sure, but where are these reputation systems going to come from? And
who's going to pay for them, particularly given that they'll be a magnet
for litigation from the owners of domains that think their reputations
should be better than they are (just like Harris/Yesmail etc. effectively
litigated MAPS out of existence as far as most of the Internet is
concerned)?
The reputation system won't be centralized. Think of the reputation system
we have right now with IP addresses. That's what it is going to look like
in my imagination.
Sure, they got MAPS, but there are at least a hundred of them now, and every
significant email participant keeps a super-secret reputation service of
their own.
Maybe we can pester congress to write a law protecting reputation services
from litigation. I am sure that they would like credit in solving spam as
well.
We already have reputation systems in various industries - what is it that
the credit bureaus really do? They relay information on a consumer's
reputation. Those are wildly successful, to say the least.
- --
Jonathan M. Gardner
Mass Mail Systems Developer, Amazon.com
jonagard(_at_)amazon(_dot_)com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)
iD8DBQFBAUh1BFeYcclU5Q0RAtT6AJ47ZPYQmSF6YhAeR7FjZU3XFvhGzgCdG0Y6
bQ1gSiFy3zcVMwxItb8B9A0=
=CfXk
-----END PGP SIGNATURE-----