We're only doing this here because, speaking to Noel @apacheconeu, he wasn't
sure what to do to kick off the discussion, and we thought, start it here
and see if a better home becomes obvious.

On the specific issue, I would agree that it could only realistically be a
whitelisting technique, but even allowing for that it does give you some
strong identity management for your whitelist.

If you whitelist my @apache address and it starts appearing as the
sender or return address on spam or viruses you would have to remove me from
your whitelist, and filter the mail.

If you whitelist my signature you can blacklist my address *unless* it
contains a valid signature, and voila even though there's a from-danny
mailstorm raging, I can still beam mail directly at you and have it get
right through.

d.

From: Serge Knystautas <[EMAIL PROTECTED]l.com>
Date: 01/08/2005 16:38
Please respond to: general
To: [email protected]
cc:
Subject: Re: Signed e-mail as an anti-SPAM measure

On 7/31/05, Noel J. Bergman <[EMAIL PROTECTED]> wrote:
> Signed e-mail can be an effective tool to address SPAM. Signed e-mail can
> be validated to know that there is a trusted identity responsible for the
> e-mail. It addresses the needs of mobile workers and improves the ability
> to use SMTP relays, reducing the need to police e-mail by IP address. We
> can validate the authenticity of signed e-mail early, reject e-mail that
> fails authentication, and reduce the amount of SPAM congesting the Internet.
> Where there is a need for anonymity, "anonymizers" can sign e-mail on behalf
> of their clients (as we do with our server-side signing), where the
> anonymizer's reputation and ability to block SPAM will affect whether the
> e-mail will be accepted downstream.

It's taken years for SPF to be adopted, which takes a 2 second DNS
change in an organization, and they have a wizard to make the text.
Creating a much bigger technical hurdle, possibly requiring end-users to
make this change (depending on whether you want MUA or MTA
involvement), and then wait until it's widely adopted, and well, I'll
be dead before it's removed some emails from my inbox.

Maybe as a whitelist... certainly not going to prevent any spam in my
lifetime, though I think the SpamAssassin people would be a much
better group to ask than us.

--
Serge Knystautas
Lokitech >> software . strategy . design >> http://www.lokitech.com
p. 301.656.5501
e. [EMAIL PROTECTED]