On Tue, Oct 20, 2009 at 08:29:53AM -0400, G. D. Fuego wrote: > Am I naive in considering spoofed sender spam and true sender spam > (including stolen credentials) two separate problems requiring two > separate tactics. > > Implementing an as of yet undefined solution to limit all emails to > the real domain infrastructure seems worthwhile to me even if it > dosent solve the stolen credential or incompetant admin problems.
Even if it worked as intended (which it won't), and even if we solved the stolen credential problem (which we can't) or the incompetent admin problem (which we can't), it still wouldn't be worthwhile, since spammers have an inexhaustible supply of extremely cheap domains. (Even more so now that some of them have gone into the registrar business.) Thus, to use your phrase, "limit[ing] all emails to the real domain infrastructure" would have no meaningful anti-spam value. Thanks to greedy/corrupt registrars and greedy/corrupt hosts, the spammers own most of that now, too. ---Rsk _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
