[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [Asrg] Authentication again

To: "'Hallam-Baker, Phillip'" <pbaker@verisign.com>, "asrg@ietf.org" <asrg@ietf.org>
Subject: RE: [Asrg] Authentication again
From: "Eric D. Williams" <eric@infobro.com>
Date: Sat, 29 Mar 2003 22:12:52 -0500
List-archive: <https://www1.ietf.org/pipermail/asrg/>
List-help: <mailto:asrg-request@ietf.org?subject=help>
List-id: Anti-Spam Research Group - IRTF <asrg.ietf.org>
List-post: <mailto:asrg@ietf.org>
List-subscribe: <https://www1.ietf.org/mailman/listinfo/asrg>,<mailto:asrg-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www1.ietf.org/mailman/listinfo/asrg>,<mailto:asrg-request@ietf.org?subject=unsubscribe>
Organization: Information Brokers, Inc.
Sender: asrg-admin@ietf.org

Phill,

	You hit an interesting point, for me, in this post - though not intentionally 
I think.  In the example you cite the issue is not the provider of service at 
all it is the choice of the recipient MTA manager.  And 'spam' origination from 
the providers you listed in the post is not the problem either, it seems in 
fact to be the 'use of illegitimate/forged addressing' so that the majority of 
'spam' originating from who knows where is passed by 90% of filters because 
most managers do not block the free mail services.

	Blocking at the 822 level is indeed troublesome as information is so easily 
forged.  Policy edge MTAs, I think need a common method to 'qualify' and yes 
authenticate sending entities to compare to this managers choice of methods. 
 Until then I think most would agree that deepest "Recieved by" headers are a 
best bet, at least better than "From:" headers or last hop "Recieved by" which 
are the most easily forged.

-e

On Saturday, March 29, 2003 8:51 AM, Hallam-Baker, Phillip 
[SMTP:pbaker@verisign.com] wrote:
>
> > You know.  It's responses like this that really make me understand
> > why most of the ISPs I talk to hate the anti-spam organizations more
> > than the spammers.
>
> prompted by one of the other threads on the list I took a look at Vernon's
> pages to find the following:
>
> http://www.rhyolite.com/anti-spam/
> "Mail from domains on a list of free providers is rejected at rhyolite.com,
> because of spam claiming to be from them. Rejecting mail supposedly from
> free mail providers is an extremely effective tactic for avoiding spam or
> unsolicited bulk mail. "
>
> Hmm, so authentication is absolutely no use eh? Just blacklist the whole
> domain. now lets look at some of the domains in this list.
>
> yahoo.com, hotmail.com  - Of COURSE everyone from these
> 		domains is a spammer
> freeserve.co.uk		- The largest ISP in the UK, you
> 		pay by the minute through the local phone toll.
>
> Apparently these domains are effective against '90%' of spam. So if you
> could identify the genuine email sent from these sources and the sources
> implement rate limiting on egress (most do already) you could block 90% of
> spam with NO false positives.
>
> Of course false positives probably aren't a problem if you only really care
> about getting email from longstanding netizens with their own email domain.
>
> I find it somewhat interesting that the people complaining loudest about
> solutions that might involve cost are also the people who are quickest to
> cut off free internet access. Just what is going on here?
>
> 		Phill
> _______________________________________________
> Asrg mailing list
> Asrg@ietf.org
> https://www1.ietf.org/mailman/listinfo/asrg
_______________________________________________
Asrg mailing list
Asrg@ietf.org
https://www1.ietf.org/mailman/listinfo/asrg

Prev by Date: RE: [Asrg] define spam
Next by Date: Re: [Asrg] Proposal for Opt-Out
Previous by thread: [Asrg] Authentication again
Next by thread: [Asrg] Will someone PLEASE remove Tim@mailkey.com?
Index(es):
- Date
- Thread