DMARC -> CERT?
bicknell at ufp.org
Mon Apr 14 21:45:09 UTC 2014
On Apr 14, 2014, at 3:58 PM, Rich Kulawiec <rsk at gsp.org> wrote:
> As I've said many times, email forgery is not the problem. It's a symptom
> of the problem, and the problem is "rotten underlying security" coupled
> with "negligent and incompetent operational practice". But fixing that
> is hard, and nobody -- not Yahoo and not anybody else either -- wants
> to tackle it. It's much easier to roll out stuff like this and pretend
> that it works and write a press release and declare success.
I think you're on the right track, but still suggesting their is a
technical solution. I submit there is not.
There is no car alarm that prevents all car thefts, no door lock that
prevents all burglaries. No trigger lock that prevents all gun deaths,
no lane departure system that prevents all car crashes.
Spam cannot, and will never be solved by technological measures alone.
They can help reduce the levels in some cases, or "squeeze the balloon"
and move the spam to some other form.
Ultimately the way to reduce spam is to catch spammers, prosecute them,
and put them in prison. The way we keep all of those other crimes low
is primarily by enforcement; making the punishment not worth the crime.
With spam, the chance that a spammer will be punished is infinitesimal.
There are hundreds, or thousands, or tens of thousands of spammers for
every one that is put into jail.
If we'd put even 1% of the effort that's been thrown at technical measures
over the years into better laws, tools for law enforcement, and helping
them build cases we'd be several orders of magnitude better off than
technological solutions that are little more than wack-a-mole.
Leo Bicknell - bicknell at ufp.org - CCIE 3440
PGP keys at http://www.ufp.org/~bicknell/
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 793 bytes
Desc: Message signed with OpenPGP using GPGMail
More information about the NANOG