nanog mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Micorsoft's Sender ID Authentication......?

From: "J.D. Falk" <jdfalk () cybernothing org>
Date: Tue, 7 Jun 2005 22:49:51 -0700

On 06/07/05, John Levine <johnl () iecc com> wrote: 


Shameless plug: over in the anti-spam research group at asrg.sp.am I
sure would like it if people were working on reputation systems to
plug the gaping hole left by all these authentication schemes.


        Not sure if it's a "gaping hole," so much as an unfortunate fact
        that sender reputation is already proving to be even harder to 
        standardize than how to confirm the identity of a sender.

        We can't have reliable reputation until we know who the mail is
        coming from -- so reliable identity is a necessary first step.

        Operationally, this means that ISP's can't yet abandon whatever
        reputation systems they already have in place (most of which are
        based on the source IP address, or on in-message criteria.)  But
        they can (and should) start testing whichever verification
        scheme best fits their mail flow patterns, so that all of our
        internal reputation engines can start evolving.

-- 
J.D. Falk                                              blong! you are a pickle!
<jdfalk () cybernothing org>
Previous By Date Next
Previous By Thread Next

Current thread: