Anti-spam methods (was: Spam-Filter-Free Options)

Bill McGonigle bill at bfccomputing.com
Fri May 9 01:50:54 EDT 2008


On May 8, 2008, at 17:28, Ben Scott wrote:

>   So... are you proposing to give any mail which authenticates with
> DKIM a "more-trustworthy" score?

yes.  If a mail purports to be from a domain, check it with SPF and/or
DKIM.  If they support either and it fails, drop it on the floor.
This takes out header-forging spam.

> What's to stop spammers from adding
> DKIM auth to their spam, the same way many publish SPF records for
> their spam domains?

nothing at all.

>   (And authenticating mail as coming from a
> blacklisted domain is pointless; we can drop it based on the domain
> alone, without a SPF/DKIM check.  I doubt I want mail from anyone
> spoofing a blacklisted domain.)

agreed!

>   Sender auth schemes -- like DKIM and SPF -- may make it easier to
> identify mail which came from senders you *already know you want to
> receive mail from*.  I'm not saying that's useless, but it won't stop
> spam.

I get lots of spam with faked headers.  Don't you?

>   An example of how it is useful: If you know your bank uses
> DKIM, and that their IT operations are trustworthy, then you can make
> an informed decision: Mail from the bank's domain with DKIM has a
> relatively high level of trust, while mail from the bank's domain
> without DKIM has a very low level of trust (possibly enough to discard
> the mail on the spot).  That helps avoid mail spoofing the bank's
> domain -- phishing, and any regular spam spoofing their domain.

Isn't that valuable?  Phishing spam is a kind of spam, they're rarely  
targeted.

>   But sender auth won't stop spam from the brazilians of domains you
> don't have any particular trust in or knowledge of.

True.  I wouldn't advocate stopping other methods of checks.

>   It also won't
> stop spam from a provider which has security issues.  For example,
> Yahoo.  A lot of spam comes from Yahoo.  Spammers apparently find it
> worthwhile and viable to compromise Yahoo's security, either directly,
> or indirectly through their users.  Sender auth won't help that
> problem; the spam will end up authenticated as coming via Yahoo.

Yeah, webmail providers are among the hardest.  If somebody gets  
compromised all bets are off, of course.  This doesn't reduce the  
average case even though an edge case exists.

>   Sender auth schemes are useful, but they won't stop spam.  They
> might stop phishing.  (Or not.  Given how little resources most
> organizations allocate towards IT security, we may find sender auth
> proves less useful, if crypto keys are compromised and used for mail
> abuse.)

Did I suggest DKIM would stop spam?  If so, I was smoking crack.  My  
only contention is that it can help reduce spam.  If everybody used  
DKIM, domain-based blacklists would get easier.  The number of  
domains isn't finite, but reputation-based systems can help there,  
but you need to key reputations, and domains are the most sensible  
key.  So, being that there's some potential benefit and very little  
cost, doing it seems like the right thing to do.

-Bill

-----
Bill McGonigle, Owner           Work: 603.448.4440
BFC Computing, LLC              Home: 603.448.1668
bill at bfccomputing.com           Cell: 603.252.2606
http://www.bfccomputing.com/    Page: 603.442.1833
Blog: http://blog.bfccomputing.com/
VCard: http://bfccomputing.com/vcard/bill.vcf
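
The policy discussed in this message, as an added example that is not part of the original post or either participant's code: drop blacklisted domains outright, drop mail that fails SPF/DKIM for the domain it claims, treat a known signer's unsigned mail as forged, and otherwise use the authenticated domain as the reputation key. The domain names, the scores and the authserv-id are constructed; the sketch assumes a verifying MTA has already stamped an Authentication-Results header, and it counts an SPF or DKIM result only when it names the same domain as the From: header.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# All names and values below are constructed for illustration.
TRUSTED_AUTHSERV = "mx.example.net"   # authserv-id stamped by our own verifying MTA
BLACKLIST = {"listed.example"}
KNOWN_SIGNERS = {"bank.example"}      # domains we know always sign with DKIM
REPUTATION = {"bank.example": 5, "bulk.example": -5}  # keyed by authenticated domain
PROP = re.compile(r"\b(spf|dkim)=(\w+)(?:[^;]*?(?:smtp\.mailfrom|header\.d)=([\w.@-]+))?")

def auth_results(msg):
    """Return {method: (result, domain)} from our own MTA's header only."""
    out = {}
    for hdr in msg.get_all("Authentication-Results", []):
        authserv, _, rest = hdr.partition(";")
        if authserv.split()[:1] != [TRUSTED_AUTHSERV]:
            continue  # anyone can add this header; ignore copies we did not write
        for method, result, ident in PROP.findall(rest):
            out[method] = (result.lower(), ident.rpartition("@")[2].lower())
    return out

def classify(raw):
    msg = message_from_string(raw)
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    if domain in BLACKLIST:
        return ("drop", "blacklisted domain")        # no auth check needed
    # Only results that speak for the domain in From: count.
    verdicts = {m: r for m, (r, d) in auth_results(msg).items() if d == domain}
    if "fail" in verdicts.values():
        return ("drop", "SPF/DKIM failed")           # header-forging mail
    if domain in KNOWN_SIGNERS and verdicts.get("dkim") != "pass":
        return ("drop", "known signer, unsigned")    # the bank case
    if "pass" in verdicts.values():
        return ("score", REPUTATION.get(domain, 0))  # spammers can pass too
    return ("other-checks", 0)                       # auth says nothing here

def sample(from_addr, auth_header):
    return f"From: {from_addr}\nAuthentication-Results: {auth_header}\n\nbody\n"

SAMPLES = [
    sample("alerts@bank.example", "mx.example.net; dkim=pass header.d=bank.example"),
    sample("alerts@bank.example", "mx.example.net; spf=pass smtp.mailfrom=x.example; dkim=none"),
    sample("alerts@bank.example", "forged.example; dkim=pass header.d=bank.example"),
    sample("a@shop.example", "mx.example.net; spf=fail smtp.mailfrom=a@shop.example"),
    sample("deals@bulk.example", "mx.example.net; dkim=pass header.d=bulk.example"),
]
if __name__ == "__main__":
    print([classify(raw) for raw in SAMPLES])
```

The last sample is the case raised in the quoted text: a bulk sender that signs its own mail passes authentication, so only the reputation keyed on its domain counts against it.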
