On Jun 17, 2007, at 1:55 PM, David Lawless wrote:
I'm not quite ready to declare sender authentication dead;
who knows what the next year will bring? However it's looking
bleak. Sender authentication requires substantial effort.
I don't see people (myself included) putting in that effort if
a handful of easily configured high-quality DNSBLs block 99.9%
of the spam.
Thanks for the insightful anecdote. I'm back, too, from being away
since around the same time.
And you're right that DNSBL quality has improved significantly.
Spamhaus are doing a fantastic job. There's an impressive amount of
coverage out there. Interestingly, though, there is also less
overlap than one might expect.
https://my.karmasphere.com/app/visibl/composite?
composite_id=karmasphere.email-sender
Now, blocking the bad stuff has always been the primary goal of the
antispam cause.
But in reaching that goal, new problems have been created.
I've talked to people both inside and outside the email world, and
their biggest complaint is now false positives.
Lots of legitimate messages aren't getting through when they should.
The very existence of the "deliverability" industry is testament to
this.
The picture that comes to mind is the poor person scrolling through
the spam folder once a day or once a week.
That picture has a caption on it that reads YOU'RE DOING IT WRONG. Heh.
How do we fix this?
In the last few years SPF adoption has done very well; DKIM is coming
along nicely.
I want to harness authentication to fight false positives.
That's why I've been on a campaign lately to acquire as many domain
whitelists as possible.
I'll put them together as a feedset on Karmasphere; once that's
ready, maybe we can find a way to integrate SPF checks with domain
whitelist lookups. I know there are Perl plugins for both. Postfix
is my favourite MTA, so I might start by patching whatever postfix
policyd is current...
What do you think?
-------------------------------------------
-----------------------------------------------------------------------
Sender Policy Framework: http://www.openspf.org/
Archives at http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily deactivate your
subscription,
please go to http://v2.listbox.com/member/?list_id=735
Powered by Listbox: http://www.listbox.com