spf-discuss
[Top] [All Lists]

Re: Some thoughts about spam and SPF

2004-08-18 10:41:23
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Tuesday 17 August 2004 10:12 am, Fridrik Skulason wrote:
Combined with legal means, ISPs restricting outgoing traffic, and
a real-time blacklist, you could eliminate much of the spam, but
not all - compromised machines are a problem in most scenarios.

What will happen is those people who refuse to secure their networks will 
get a bad reputation. For instance, suppose Amazon (or Microsoft, or any 
major corporation on the internet) gets infected with a spammy worm. If the 
company doesn't move to immediately stop the worm, or if it leaves itself 
to infection time and again, then people won't trust mail coming from that 
company as much as email coming from a company that takes extra precaution 
to ensure that it doesn't get infected with spammy worms.

In the end, you will be filtering irresponsible companies' mail, checking 
for the latest worm, but you won't be filtering responsible companies' mail 
because they won't have a history of sending out worms. The sender pays by 
either cleaning up their network or by losing the occasional authentic 
email to filters. That's the practical aspect.

Don't underestimate the power of public opinion. If company A had a 
reputation for being worm infected, but company B always kept their act 
clean, which one would you trust with your business? In other words, when 
we start tracking down who's sending these worms and not securing 
themselves, there will be even more incentive to clean up their act.

- -- 
Jonathan M. Gardner
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)

iD8DBQFBI5TDBFeYcclU5Q0RAo5KAKCO9DvvOhcxtEfpTgkzie0bPlo4ZACdEMgp
XvgOn3s17CF+P2tp52Q/01M=
=4VGf
-----END PGP SIGNATURE-----