spf-discuss
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: SPF too late?

2004-11-17 12:13:16
from [Hallam-Baker, Phillip] [Permanent Link] 
Yes but how much spam does it stop?

It is trivial to obtain a 0% accurate false positive rate or false negative
rate, simply let everything through or reject everything. The real test has
to include both sides of the equation.

The more you know about the definitely good mail, the more discriminatory
you can be on the bad.


I believe that the spam problem will go through a progression as follows:

  * Legitimate senders deploy SPF in large numbers
        * Impersonation spam tactic is defeated
        * Registration of throwaway domains becomes a problem
  * Accreditation technology is deployed in significant numbers
        * Whitelisting of good mail is widely used
        * Spammers send more junk
        * spam filtering thresholds raised
        * Authentication & Accreditation become effectively required
  * Criminal spam problem subsides
        * The junk mail (i.e. non-criminal spam) problem emerges
        * Greater confidence in email leads to more use for junk
        * Email acceptable sender policies are tightened
        * Enterprises start deploying compliance enforcement technologies

While junk mail is spam I think that there are acctually two different
problems here and that two different solutions need to be applied.



-----Original Message-----
From: owner-spf-discuss(_at_)v2(_dot_)listbox(_dot_)com 
[mailto:owner-spf-discuss(_at_)v2(_dot_)listbox(_dot_)com] On Behalf Of Chris 
Drake
Sent: Tuesday, November 16, 2004 4:36 PM
To: spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
Subject: [spf-discuss] SPF too late?


BrightMail claims false-positive rates of 1 in a billion. 
I've been using it for 3 days, and it's been spot-on so far 
(I get a *lot* of junk and a lot of legitimate mail).  
There's no need for SPF or SenderID or anything else if it 
can keep this up.  Dunno how it works though - I would have 
said this false pos rate was impossible. Doesn't stop 'em 
from fibbing on their web site still: the "one in a billion" 
test was from a report in Feb 2003, but their web site quotes 
"2004" every time they reference the 1in1e9 report.  I'm 
itching to prove them wrong still, so I'm about to redirect 
all my business's spam and legit emails to my iiNet 
brightmail account too :-)

Kind Regards,
Chris Drake

-------
Sender Policy Framework: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
http://www.InboxEvent.com/?s=d --- Inbox Event Nov 17-19 in 
Atlanta features SPF and Sender ID. To unsubscribe, change 
your address, or temporarily deactivate your subscription, 
please go to 
http://v2.listbox.com/member/?listname=spf-> 
discuss(_at_)v2(_dot_)listbox(_dot_)com
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: New US Law On Anti-Trust And Standards Bodies, Michael Hammer
Next by Date:  Re: Voting testers please, william(at)elan.net
Previous by Thread:  New US Law On Anti-Trust And Standards Bodies, Scott Kitterman
Next by Thread:  Re: SPF too late?, Frank Ellermann
Indexes:  [Date] [Thread] [Top] [All Lists]