On Tue, 20 Oct 2009 08:29:53 EDT, "G. D. Fuego" said: > Am I naive in considering spoofed sender spam and true sender spam > (including stolen credentials) two separate problems requiring two > separate tactics.
In both cases - spoofed and stolen creds - the mail isn't sent by the person it claims to be sent by. The only difference is the details. > Implementing an as of yet undefined solution to limit all emails to > the real domain infrastructure seems worthwhile to me even if it > dosent solve the stolen credential or incompetant admin problems. There are two easily implemented ways for the spammers to do it. You address one, and totally fail to fix the other. All this does is create a lot of work for a lot of people in order to shift the problem over to the other way, where they continue unabated. So why is it worthwhile? As has been pointed out, there's around 100M compromised boxes with credentials waiting to be abused. Anything that fails to account for that is simply not worth the effort, as it's broken as designed.
pgpkBeNOjwIMi.pgp
Description: PGP signature
_______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
