Anti-spam methods (was: Spam-Filter-Free Options)
Ben Scott
dragonhawk at gmail.com
Thu May 8 17:28:19 EDT 2008
On Thu, May 8, 2008 at 3:02 PM, Bill McGonigle <bill at bfccomputing.com> wrote:
>> DKIM won't stop spam. DKIM may make it easier to identify mail
>> which came from senders you want to receive mail from.
>
> DKIM establishes identity.

Even that's arguable. DKIM establishes that mail came from the
domain's owner, or someone who has access to the domain owner's DKIM
keys. That's something, of course. But domain ownership isn't worth
much by itself.

> It can then be useful for further things, like scoring.

So... are you proposing to give any mail which authenticates with
DKIM a "more-trustworthy" score? What's to stop spammers from adding
DKIM auth to their spam, the same way many publish SPF records for
their spam domains? (And authenticating mail as coming from a
blacklisted domain is pointless; we can drop it based on the domain
alone, without a SPF/DKIM check. I doubt I want mail from anyone
spoofing a blacklisted domain.)

Sender auth schemes -- like DKIM and SPF -- may make it easier to
identify mail which came from senders you *already know you want to
receive mail from*. I'm not saying that's useless, but it won't stop
spam. An example of how it is useful: If you know your bank uses
DKIM, and that their IT operations are trustworthy, then you can make
an informed decision: Mail from the bank's domain with DKIM has a
relatively high level of trust, while mail from the bank's domain
without DKIM has a very low level of trust (possibly enough to discard
the mail on the spot). That helps avoid mail spoofing the bank's
domain -- phishing, and any regular spam spoofing their domain.

But sender auth won't stop spam from the brazilians of domains you
don't have any particular trust in or knowledge of. It also won't
stop spam from a provider which has security issues. For example,
Yahoo. A lot of spam comes from Yahoo. Spammers apparently find it
worthwhile and viable to compromise Yahoo's security, either directly,
or indirectly through their users. Sender auth won't help that
problem; the spam will end up authenticated as coming via Yahoo.

Sender auth schemes are useful, but they won't stop spam. They
might stop phishing. (Or not. Given how little resources most
organizations allocate towards IT security, we may find sender auth
proves less useful, if crypto keys are compromised and used for mail
abuse.)

-- Ben
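
The trust policy described in the message above, sketched as an added example (it is not part of the original post, nor any mail filter's own code). The domain names, the authserv-id and the verdict labels are assumptions; DKIM results are read from an `Authentication-Results` header stamped by the receiving MTA.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumed, hypothetical policy data (not from the post).
TRUSTED_SIGNERS = {"bank.example"}    # senders known to DKIM-sign all their mail
BLACKLISTED = {"spam.example"}
OUR_AUTHSERV_ID = "mx.local.example"  # only believe results our own MTA stamped

def dkim_pass_domains(msg):
    """Return d= domains that passed DKIM according to our own MTA."""
    domains = set()
    for value in msg.get_all("Authentication-Results", []):
        authserv, _, results = value.partition(";")
        if authserv.strip().lower() != OUR_AUTHSERV_ID:
            continue  # header added upstream; the sender could have forged it
        for m in re.finditer(r"dkim=pass\b[^;]*?header\.d=([\w.-]+)", results, re.I):
            domains.add(m.group(1).lower())
    return domains

def classify(raw):
    """Map a raw message to one of: drop, trusted, reject, filter."""
    msg = message_from_string(raw)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    if from_domain in BLACKLISTED:
        return "drop"      # dropped on the domain alone, no auth check needed
    signed = from_domain in dkim_pass_domains(msg)
    if from_domain in TRUSTED_SIGNERS:
        return "trusted" if signed else "reject"  # unsigned "bank" mail is spoofed
    return "filter"        # unknown domain: a DKIM pass earns no bonus

def sample(from_addr, auth=None):
    """Build a constructed test message."""
    hdr = f"Authentication-Results: {auth}\n" if auth else ""
    return f"{hdr}From: {from_addr}\nSubject: test\n\nbody\n"

OURS = "mx.local.example; dkim=pass header.d="
SAMPLES = {  # constructed inputs
    "bank, signed": sample("alerts@bank.example", OURS + "bank.example"),
    "bank, unsigned": sample("alerts@bank.example"),
    "bank, signed by other domain": sample("alerts@bank.example", OURS + "newdomain.example"),
    "bank, forged results header": sample("alerts@bank.example", "mx.other.example; dkim=pass header.d=bank.example"),
    "unknown, signed": sample("x@newdomain.example", OURS + "newdomain.example"),
    "blacklisted, signed": sample("x@spam.example", OURS + "spam.example"),
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(f"{name:32} -> {classify(raw)}")
```

The "signed by other domain" case is the one a blanket "DKIM passed" bonus gets wrong: the signature is valid, but for a domain other than the one in `From`.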