DV Hardware bringing you the hottest news about processors, graphics cards, Intel, AMD, NVIDIA, hardware and technology!

   Home | News submit | News Archives | Reviews | Articles | Howto's | Advertise
 
DarkVision Hardware - Daily tech news
December 10, 2016 
Main Menu
Home
Info
News archives
Articles
Howto
Reviews
 

Who's Online
There are currently 76 people online.

 

Latest Reviews
Zowie P-TF Rough mousepad
Zowie FK mouse
BitFenix Ronin case
Ozone Rage ST headset
Lamptron FC-10 SE fan controller
ZOWIE G-TF Rough mousepad
ROCCAT Isku FX gaming keyboard
Prolimatech Magnetic Pin
 

Follow us
RSS
 

Will an e-mail ID stop spam?

Posted on Saturday, April 22 2006 @ 12:07:30 CEST by


Silicon takes a look at whether an email ID would be able to beat spammers.
The promise of email authentication is too good to ignore but if it is implemented incorrectly it will break a company's mail system instead of fixing it, experts have cautioned.

Erik Johnson, a secure messaging executive at Bank of America, said in a presentation at the Authentication Summit in Chicago on Wednesday: "Deploy smart. Don't just do it. If you just do it, you may just break it."
You can read more over here.


 






Use Disqus to post new comments, the old comments are listed below.


Re: Will an e-mail ID stop spam?
by Anonymous on Saturday, April 22 2006 @ 14:32:10 CEST
Two comments. First, to simon, rejecting messages before receipt is definitely not the best answer. It might be best for sysadmins, but it's not the best for users. The reason is, that when rejecting a message before actual receipt, you have a very limited amount of information upon which you can decide whether it is spam or it is not spam.

Therefore I find the use of SPF or any similar techniques abusive and extremely harmful. Besides, it breaks the basics of mail systems. Disables pre-delivery forwarding, disables the use of aliases in other domains, eg. single-usage mail addresses offered by certain services. It's harmful, and from my experiences completely useless, as it's being adopted by spammers more and more often (domains with no SPF records are being used by spammers, as well as special domains registered by spammers with non-restrictive SPF records).

The real pain in all this is the fact, that we're being served such useless systems due to the fact, that they're being supported by huge corporations. If Microsoft didn't "invent" Sender ID (or actually steal SPF), and Yahoo! and Cisco didn't invent DKIM, if both projects were created by small companies, they'd never be as popularized. We would not have special summits on server-side authentication. And we would not be blinded by these large corporations, saying that this is the answer to spam.

IT IS NOT AN ANSWER TO SPAM!

There exists a MUCH BETTER way to authenticate, but it is not promoted by Microsoft, Yahoo! or AOL. The answer is PERSONAL E-MAIL CERTIFICATES! I find it unbelievable, that this is completely overlooked, whilst if every user used such a certificate (free and installed in 5 minutes thanks to Comodo or thawte - they both offer free certificates), we'd be certain that the sender addresses are not falsified. Why use a server-based system which is much easier to compromise and much more problematic (due to the impossibility to use pre-delivery forwarding, aliases or mailing lists such as in DKIM or Caller ID), if you can use a personal system, which is implemented in 99% mail clients (S/MIME support), and only requires the users to get a free certificate?

Why?

Because Microsoft, AOL, Yahoo! have completely no interest in certificates, because they can't make money using them. That's why.

Therefore let me be an advocate of an alternative solution. Drop SPF, drop DKIM, drop Sender ID. Get a personal e-mail certificate and use it to promote it. If almost everybody uses them (especially banks and other entities abused by phishing) and users get used to the fact, that only an e-mail with a valid cert can be considered to truely be sent by the originator, then we'd have mail spoofing under control.

So go get your cert now, wherever you find one. It might be Comodo, it might be thawte, it might be anywhere else, as I'm sure there are other options.

--
Tomasz Andrzej Nidecki
Journalist, Sysadmin, Spamfighter
http://spam.jogger.pl



 

DV Hardware - Privacy statement
All logos and trademarks are property of their respective owner.
The comments are property of their posters, all the rest © 2002-2016 DM Media Group bvba