spf-discuss
[Top] [All Lists]

Re[2]: Re: DEPLOY: SPF/Sender ID support in Courier.

2004-08-28 05:18:55
A> server.  Please support SenderKeys (or something like it) and also

Bad idea. crypto stuff stomps on loads of legitimate middlemen,
costs dearly in bandwidth and CPU, is very complicated, prone to
export regulations and patents, and introduces a range of new security
problems - all with absolutely no benefit over plain old SPF.

some computer algorithm.  Note that public key cryptography at the
MUA with  huge keys is a way to accomplish this.
Nope. 2 words: "export regulations".  Besides - this means that
servers have to accept entire messages, run expensive crypto over
them, before deciding to reject.  No ISP is going to do this.

I think hashcash is a dead end as an anti-spam system. Spammers have
armies of zombies that can do the calculations for them, so it will

XPservicePack 2 very effectively stomps on zombies.  Everything that
want to accept incoming Internet connections, or establish new
outgoing ones, requires the user to manually accept this behavior - by
default. There must be lots of unhappy hackers this week, as they
watch their hard-earned zombie armies as they're cut down like flies
:-)) 

A> If I was Microsoft I would be stupid not to leverage their
A> majority marketshare in clients, and minimize the leverage of
A> internet-wide (non local network) servers where they are minority.
Yep - they're not stupid - with Pack 2 they've just said "fuck you" to
the entire "email metrics" market, as well as anyone serving enhanced
and/or dynamic email content - by upgrading Outlook and Outlook
express to block all external content.  The really stupid thing is
that this was unnecessary - some 3rd party company selling email
firewall software ran a campaign of bogus press releases trying to
convince everyone that spammers track emails using web-bugs, and MS
didn't bother to check any facts - they just blocked everyone out.
Spammers blast millions of emails to anyplace that accepts them: they
don't set up expensive servers that would get shut down quickly, and
would lead to the spammers risking capture, just to see who might be
opening their crap. Sheesh MS can be arrogant and dumb, even when
they're busy trying to not be stupid.