funsec mailing list archives
Re: Shocker: DKIM antispam standard can't stop spam
From: Nick FitzGerald <nick () virus-l demon co uk>
Date: Sat, 14 Jul 2007 11:06:10 +1200
Valdis.Kletnieks () vt edu wrote:
It *would* be, if a fraction of the spam we got had vt.edu source addresses. But *we* don't filter out very much spam by listing what places can send with vt.edu addresses. *OTHER* places can filter any spam that shows up with a 'From: vt.edu' on it. But publishing vt.edu doesn't do *squat* for our filtering spam that has some *OTHER* domain in the From: - we only get *that* benefit if the purported source domain publishes *their* info. To run it by once more - we publish, gmail gets the benefit. Gmail publishes, *we* get the benefit. Nobody gets the benefit *themselves* by publishing.
Correct (not that that's surprising from Valdis). The important bit you omitted though, is that by the time a reasonable chunk of the big Internet/Email service providers are publishing such information, the "benefit" you allude to will be almost exactly zero. Early adopters DO see a benefit (along with nasty FP rate spikes if trying to use this for filtering/classifying incoming Email) BUT that will be quickly eroded once/if adoption rates start to affect the spammers' bottom lines. That is because this "technology" is so moronically simple-minded that it can be completely side-stepped with a few dozen lines of extra code on the part of today's spam-bot writers. Anyone pushing such "anti-spam" (or "stepping stone to effective reputation services") measures is either grievously ignorant of how today's spam works in-the-large, or making a tidy living off shilling second-rate anti-spam "solutions" (or both, of course). Regards, Nick FitzGerald _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- Shocker: DKIM antispam standard can't stop spam Paul Ferguson (Jul 12)
- Re: Shocker: DKIM antispam standard can't stop spam Dude VanWinkle (Jul 13)
- RE: Shocker: DKIM antispam standard can't stop spam Larry Seltzer (Jul 13)
- Re: Shocker: DKIM antispam standard can't stop spam Valdis . Kletnieks (Jul 13)
- Re: Shocker: DKIM antispam standard can't stop spam Dude VanWinkle (Jul 13)
- Re: Shocker: DKIM antispam standard can't stop spam Valdis . Kletnieks (Jul 13)
- Re: Shocker: DKIM antispam standard can't stop spam Dude VanWinkle (Jul 13)
- Re: Shocker: DKIM antispam standard can't stop spam Valdis . Kletnieks (Jul 13)
- Re: Shocker: DKIM antispam standard can't stop spam Nick FitzGerald (Jul 13)
- Re: Shocker: DKIM antispam standard can't stop spam Dude VanWinkle (Jul 13)
- Re: Shocker: DKIM antispam standard can't stop spam Paul Vixie (Jul 13)
- Re: Shocker: DKIM antispam standard can't stop spam Nick FitzGerald (Jul 13)
- Re: Shocker: DKIM antispam standard can't stop spam John Payne (Jul 15)
- <Possible follow-ups>
- Re: Shocker: DKIM antispam standard can't stop spam Paul Ferguson (Jul 13)
- Re: Shocker: DKIM antispam standard can't stop spam Paul Ferguson (Jul 13)
- Re: Shocker: DKIM antispam standard can't stop spam Dude VanWinkle (Jul 13)
- Re: Shocker: DKIM antispam standard can't stop spam Dude VanWinkle (Jul 13)
- Re: Shocker: DKIM antispam standard can't stop spam Dude VanWinkle (Jul 13)