Pre-authentication of email is not going to happen

To: Dale Amon <amon@vnl.com>
Cc: debian-security@lists.debian.org
Subject: Pre-authentication of email is not going to happen
From: Duncan Simpson <duncan@commercialuk.com>
Date: 11 Jun 2004 11:40:44 +0100
Message-id: <[🔎] 1086950444.584.369.camel@duncan>

You might see a few, IMHO misguided, people implementing sender
pre-authentication systems. A very few high-profile people might
actually have justpficiation for a system that passes some senders to
them and everyone else via their helpers for dealing with fan mail.

Wide-scale deployment of sender pre-authentication would require a
significant number of system administrators to deploy such solutions and
I do not think this is going to happen. I am fairly sure almost no
system administrators support sender pre-authentication.

As a system administrator I need to recieve mail from too many random
people. The same goes for my boss, sales people, etc. If your business
depends on email working, which is increasingly common, sender
pre-authenticated is not an option.

What I think we will see is widespread deployment of at least one system
to authenticate sender's identities at least partially. SPF is
relatively easy to deploy and sendmail is likely to support yahoo's
proposed domain signatures soon. Neither will prevent spam, but both
should make it more expensive[*], possibly by enough to make much of the
current spam unprofitable.

[*] IF you can not forge domain names then you might need to pay for a
new domain name every few spams. This would eat into your profits (it be
easy for registats to identifuy abusers and not grant them new domain
names).

Reply to:

Prev by Date: Re: Spam fights
Next by Date: Re: Spam fights
Previous by thread: Florian Schmitz [tecorange] ist außer Haus.
Next by thread: may CAN-2004-041[678] affect on woody?
Index(es):
- Date
- Thread