Reader Comments

Subscribe: RSS

View by: Time | Thread

1. 

   Jesse McNelis, 19 Oct 2005 @ 10:38pm

   
   

   This is only a problem if...

   This is only a problem if people continue to send unauthicated emails.
   The email authication is quite important but just like SSL doesn't create trust it only allows for trust to be maintained.
   ie. if a spammer sends you an email you can verify that it came from the spammer, but this is no reason to trust the spammer.

   [ link to this | view in thread ]

2. 

   Nate, 19 Oct 2005 @ 11:22pm

   
   

   You should know better

   Why does everyone think e-mail authentication is an anti-spam technique? It’s purpose is clear: to prevent forgeries, i.e. authenticate the sender.
   
   There is some overlap between that and the spam world, but not much. I think a lot of big companies want to use it to ensure that nobody abuses their domain name and/or trademark.

   [ link to this | view in thread ]

3. 

   Mike (profile), 19 Oct 2005 @ 11:56pm

   
   

   Re: You should know better

   That's re-writing history. The companies behind sender authentication have been pitching it as an anti-spam technique from the very beginning. And, while it's clear that it's NOT an anti-spam technique, the reason we're pointing it out is because it was sold as one.

   [ link to this | view in thread ]

4. 

   Jesse McNelis, 20 Oct 2005 @ 2:51am

   
   

   Re: You should know better

   It works fine as an anti-spam system.
   Set your mail server to only accept authicated emails, then block emails that come from domains owned by spammers.
   Although, SenderID's little computational puzzles are a much better idea for preventing spam.
   

   [ link to this | view in thread ]

5. 

   Tim, 20 Oct 2005 @ 3:02am

   
   

   Re: You should know better

   Let Bayes and SA sort it out as a rule. Do the naive-Bayes twist on it: analyze what proportion of authenticated mails are ham or spam in a suitably huge corpus, and then deal with reality. :)

   [ link to this | view in thread ]

6. 

   Pete Austin, 20 Oct 2005 @ 3:50am

   
   

   Re: You should know better

   Ditto Nate's comment. The main value of authentication systems such as SPF is against fake emails (Joe Jobs and Phishing) and email virusses.
   
   Their main anti-spam impact could be indirect, because they will make it more difficult to recruit botnets which are apparantly the source of most spam.

   [ link to this | view in thread ]

7. 

   Anonymous Coward, 20 Oct 2005 @ 8:11am

   
   

   Re: You should know better

   Ok, I'll just set my server to only accept authenticated emails - then i'll start missing over half of all legit mail that comes to me.
   
   oh, ok, then i'll block all email from servers owned by spammers - because that's not a huge moving target or anything.
   
   the problem won't get fixed. use a junk mail filter and get on with your lives.

   [ link to this | view in thread ]

8. 

   Dana Nowell, 20 Oct 2005 @ 10:25am

   
   

   Re: You should know better

   Actualy it IS one if implemented with certain simple additions. Specifically, if I KNOW the email came from address X (authenticated) and I know that address sends SPAM, I can blacklist that address in my mail agent. Sendmail, postfix, and most others have the concept of an access list. Add that domain to the access list with a 'deny', problem solved.
   
   

   [ link to this | view in thread ]

9. 

   Anonymous Coward, 20 Oct 2005 @ 12:53pm

   
   

   Re: You should know better

   'problem solved'
   spammers churn throught servers by the thousands - constantly buying new blocks of IPs and domain names. the black list will ALWAYS be behind the curve, it is impossible to catch up. you will ALWAYS receive spam.
   sender authentication is a complete waste of time and resources and only:
   1) helps the spammers
   2) prevents more legit mail from being delivered (stupid aol)
   
   not a difficult concept!

   [ link to this | view in thread ]