Status of Email Authentication
2005-02-16 17:56:07
Seems like email authentication may be stalled because not enough ISPs are
actually using it. They won't start using it until it can help them filter
incoming spam. That won't happen until a lot more other ISPs are using it,
and there are some good domain-rating lists available. Vicious
circle. Guess we'll have to wait for Microsoft to get the ball rolling.

I've done two things.

1) Written an encyclopedia article to explain the basics of email
authentication, independent of any particular method.
2) Offered to help my ISP set up a test platform, and see if authentication
can help in filtering the incoming flood.

I would like to get comments on the article
http://en.wikipedia.org/wiki/Email_Authentication . I'm especially concerned
about the section on email forwarders. I had to take a wild guess as to
what an eventual standard header might look like. Does anyone know if
there has been any progress on this? I saw a recent article in CircleID
about IETF http://www.circleid.com/channel/index/C0_6_1/ . If anyone can
get beyond the arguments over petty details, it will be IETF.

As for the test platform, I'm looking at using Sendmail. They seem to be
the most aware of the huge potential payoff for authentication, and the
various factors needed to get things started. They are supporting all
three methods (SPF, SenderID, and DomainKeys)
http://www.sendmail.com/solutions/security/ although they state in their
FAQ that a cryptographic method will be the best long-term
solution. http://www.sendmail.com/solutions/senderauth/faq/#difference
"Sendmail strongly believes that cryptographic approaches are the right
long term solution as they avoid many of the infrastructure disruptions
that IP auth would cause and they offer strong protection of the message
contents themselves." I guess that means DomainKeys.

Are there any other MTAs besides Sendmail that I should look at for the
tests? Does anyone have a suggestion for a domain-rating list? I see
SpamCop.net has a nice blacklist, and SenderBase.org has good statistics on
total mail volume. Seems like a good starting list could be generated
using ratios of spam reports to total volume.

-- Dave