« Links Roundup | Main | Links Roundup »

June 29, 2005

IETF: to Dodge Two Bullets, Become One Target

Paul Festa in news.com reports that the IESG has published experimental RFCs for both SenderID and SPF, thereby giving the problem the Pontius Pilate handwashing it so clearly deserves. Sadly, we're still left with the need for authentication and a giant, messy dog fight between vendors who have the least to lose from the delayed adoption of a sane, inexpensive, and reliable auth scheme.

Unfortunately, despite what its proponents loudly proclaim, neither proposal will solve the spam problem; nor will either provide the long-needed trust / reputation management scheme. At best, spammers will somehow not notice that SPF-esque DNS records are required, while every other sender of mail will, and we'll have a brief respite from spam because of the well-known competence and attention to detail of mail administrators worldwide. At worst, the only ones who will add SPF records will be the spammers themselves (which already seems to be the case, to some extent, anyway) and sender authentication will become a badge of spamminess, thereby undermining the whole end user perception of such schemes in general.

Posted by schampeo at June 29, 2005 6:51 PM

Search Blog

Browse

• Archives
• Categories
  • antispam in practice
  • consortiae
  • gripes
  • history
  • legal
  • news
  • privacy
  • project
  • security
  • spammers
  • studies and statistics
  • tactics
  • tools
  • viruses and worms

Feeds

• RSS
• ATOM

• Classifications
• News
• Request Eval