On Sat, Oct 17, 2009 at 07:41:46AM -0700, ch...@blask.org wrote: > IMHO, a sender-authentication system that runs over SMTP and allows at > least *some* mail to be highly-verifiable as known-good - and that was > easy to adopt at the user level - could spread like wild fire and drive > adoption and refinement thereby reducing the value of spam to near-zero. > (fwiw I think this would require some amount of strong auth to work > at all)
You're not getting it. All such systems have *already* been defeated by The Bad Guys. It's thus utterly pointless to even discuss them or debate their technical merits or implementation details. Before any proposal like this can progress beyond "nice idea but incongruent with reality", you'll have to present a workable plan for un-zombie'ing 100M+ systems and keeping them that way. Oh, and you'll also have to present a workable plan for reclaiming a correspondingly higher number of compromised email accounts and keeping them that way. Good luck with that. ---Rsk _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
