Re: Public Policy and Consumer ISP Hygiene(was Comcastpop-ups)

[Rich Kulawiec <rsk () gsp org>]

On Tue, Oct 20, 2009 at 08:29:53AM -0400, G. D. Fuego wrote:
> Am I naive in considering spoofed sender spam and true sender spam  
> (including stolen credentials) two separate problems requiring two  
> separate tactics.
>
> Implementing an as of yet undefined solution to limit all emails to  
> the real domain infrastructure seems worthwhile to me even if it  
> dosent solve the stolen credential or incompetant admin problems.

Even if it worked as intended (which it won't), and even if we solved the
stolen credential problem (which we can't) or the incompetent admin
problem (which we can't), it still wouldn't be worthwhile, since spammers
have an inexhaustible supply of extremely cheap domains.  (Even more so
now that some of them have gone into the registrar business.)

Thus, to use your phrase, "limit[ing] all emails to the real domain
infrastructure" would have no meaningful anti-spam value.  Thanks
to greedy/corrupt registrars and greedy/corrupt hosts, the spammers
own most of that now, too.

---Rsk
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.