Maybe We Should Just Trash All Authenticated Email

from the one-way-to-fix-spam dept

For the most part, sender authentication techniques have been a joke. The early adopters were spammers themselves. While some people claimed this meant that those spammers were "outed" it doesn't seem like anyone actually did much about them. Now, though, a marketing trade group is requiring its members to start using sender authentication techniques in any marketing emails. While this may seem like a way to further give these authentication systems legitimacy, it might actually do the opposite. Suddenly, all the marketing messages that people get will be authenticated as well -- and since many people consider even these more "legitimate" messages as spam, it may just reach a point where an authenticated message is an indicator that the email message is not wanted.
Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team


Reader Comments

Subscribe: RSS

View by: Time | Thread


  • identicon
    Jesse McNelis, 19 Oct 2005 @ 10:38pm

    This is only a problem if...

    This is only a problem if people continue to send unauthicated emails.
    The email authication is quite important but just like SSL doesn't create trust it only allows for trust to be maintained.
    ie. if a spammer sends you an email you can verify that it came from the spammer, but this is no reason to trust the spammer.

    link to this | view in chronology ]

  • identicon
    Nate, 19 Oct 2005 @ 11:22pm

    You should know better

    Why does everyone think e-mail authentication is an anti-spam technique? It’s purpose is clear: to prevent forgeries, i.e. authenticate the sender.

    There is some overlap between that and the spam world, but not much. I think a lot of big companies want to use it to ensure that nobody abuses their domain name and/or trademark.

    link to this | view in chronology ]

    • icon
      Mike (profile), 19 Oct 2005 @ 11:56pm

      Re: You should know better

      That's re-writing history. The companies behind sender authentication have been pitching it as an anti-spam technique from the very beginning. And, while it's clear that it's NOT an anti-spam technique, the reason we're pointing it out is because it was sold as one.

      link to this | view in chronology ]

      • identicon
        Tim, 20 Oct 2005 @ 3:02am

        Re: You should know better

        Let Bayes and SA sort it out as a rule. Do the naive-Bayes twist on it: analyze what proportion of authenticated mails are ham or spam in a suitably huge corpus, and then deal with reality. :)

        link to this | view in chronology ]

      • identicon
        Dana Nowell, 20 Oct 2005 @ 10:25am

        Re: You should know better

        Actualy it IS one if implemented with certain simple additions. Specifically, if I KNOW the email came from address X (authenticated) and I know that address sends SPAM, I can blacklist that address in my mail agent. Sendmail, postfix, and most others have the concept of an access list. Add that domain to the access list with a 'deny', problem solved.

        link to this | view in chronology ]

        • identicon
          Anonymous Coward, 20 Oct 2005 @ 12:53pm

          Re: You should know better

          'problem solved'
          spammers churn throught servers by the thousands - constantly buying new blocks of IPs and domain names. the black list will ALWAYS be behind the curve, it is impossible to catch up. you will ALWAYS receive spam.
          sender authentication is a complete waste of time and resources and only:
          1) helps the spammers
          2) prevents more legit mail from being delivered (stupid aol)

          not a difficult concept!

          link to this | view in chronology ]

    • identicon
      Jesse McNelis, 20 Oct 2005 @ 2:51am

      Re: You should know better

      It works fine as an anti-spam system.
      Set your mail server to only accept authicated emails, then block emails that come from domains owned by spammers.
      Although, SenderID's little computational puzzles are a much better idea for preventing spam.

      link to this | view in chronology ]

      • identicon
        Anonymous Coward, 20 Oct 2005 @ 8:11am

        Re: You should know better

        Ok, I'll just set my server to only accept authenticated emails - then i'll start missing over half of all legit mail that comes to me.

        oh, ok, then i'll block all email from servers owned by spammers - because that's not a huge moving target or anything.

        the problem won't get fixed. use a junk mail filter and get on with your lives.

        link to this | view in chronology ]

    • identicon
      Pete Austin, 20 Oct 2005 @ 3:50am

      Re: You should know better

      Ditto Nate's comment. The main value of authentication systems such as SPF is against fake emails (Joe Jobs and Phishing) and email virusses.

      Their main anti-spam impact could be indirect, because they will make it more difficult to recruit botnets which are apparantly the source of most spam.

      link to this | view in chronology ]


Follow Techdirt
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Discord

The latest chatter on the Techdirt Insider Discord channel...

Loading...
Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.