Re: spoofing email addresses

[Vernon Schryver <vjs at calcite.rhyolite.com>]

> From: Andrew Newton <andy at hxr.us>

> On May 24, 2004, at 1:49 PM, Valdis.Kletnieks at vt.edu wrote:
> >
> > In fact, there isn't any sane way to detect "inconsistent" header 
> > information
> > without external hints - this is the reason why there's the SPF 
> > proposal, the
> > Yahoo domain-keys proposal, and Microsoft's proposal.
>
> And MARID.

I don't see any of those proposals and their competitors as sane.
Some of them, such as SPF, do not even meet their own design goals
as stated informally by their advocates.  Others such as domain-keys
do not seem to do anything that is not already done by SMTP-TLS, despite
the goals in the I-D that seem to be closer to S/MIME.  None of them
have much to do with spam, but only with a currently popular mode of
attack used by spammers.  None have any hope of affecting even that
particular attack mode for years, because none can have any significant
effect until deployed on most SMTP clients.  Many seem to be based on
insufficient familiarity with the nature of SMTP (e.g. SPF's incredible
source-routing scheme) and the urge to Do Something Now regardless of
actual results.


Vernon Schryver    vjs at rhyolite.com

_______________________________________________
Ietf mailing list
Ietf at ietf.org
https://www1.ietf.org/mailman/listinfo/ietf