Micorsoft's Sender ID Authentication......?
J.D. Falk
jdfalk at cybernothing.org
Wed Jun 8 05:49:51 UTC 2005
On 06/07/05, John Levine <johnl at iecc.com> wrote:
> Shameless plug: over in the anti-spam research group at asrg.sp.am I
> sure would like it if people were working on reputation systems to
> plug the gaping hole left by all these authentication schemes.
Not sure if it's a "gaping hole," so much as an unfortunate fact
that sender reputation is already proving to be even harder to
standardize than how to confirm the identity of a sender.
We can't have reliable reputation until we know who the mail is
coming from -- so reliable identity is a necessary first step.
Operationally, this means that ISP's can't yet abandon whatever
reputation systems they already have in place (most of which are
based on the source IP address, or on in-message criteria.) But
they can (and should) start testing whichever verification
scheme best fits their mail flow patterns, so that all of our
internal reputation engines can start evolving.
--
J.D. Falk blong! you are a pickle!
<jdfalk at cybernothing.org>
More information about the NANOG
mailing list