nanog mailing list archives
Re: DMARC -> CERT?
From: Leo Bicknell <bicknell () ufp org>
Date: Mon, 14 Apr 2014 16:45:09 -0500
On Apr 14, 2014, at 3:58 PM, Rich Kulawiec <rsk () gsp org> wrote:
As I've said many times, email forgery is not the problem. It's a symptom of the problem, and the problem is "rotten underlying security" coupled with "negligent and incompetent operational practice". But fixing that is hard, and nobody -- not Yahoo and not anybody else either -- wants to tackle it. It's much easier to roll out stuff like this and pretend that it works and write a press release and declare success.
I think you're on the right track, but still suggesting their is a technical solution. I submit there is not. There is no car alarm that prevents all car thefts, no door lock that prevents all burglaries. No trigger lock that prevents all gun deaths, no lane departure system that prevents all car crashes. Spam cannot, and will never be solved by technological measures alone. They can help reduce the levels in some cases, or "squeeze the balloon" and move the spam to some other form. Ultimately the way to reduce spam is to catch spammers, prosecute them, and put them in prison. The way we keep all of those other crimes low is primarily by enforcement; making the punishment not worth the crime. With spam, the chance that a spammer will be punished is infinitesimal. There are hundreds, or thousands, or tens of thousands of spammers for every one that is put into jail. If we'd put even 1% of the effort that's been thrown at technical measures over the years into better laws, tools for law enforcement, and helping them build cases we'd be several orders of magnitude better off than technological solutions that are little more than wack-a-mole. -- Leo Bicknell - bicknell () ufp org - CCIE 3440 PGP keys at http://www.ufp.org/~bicknell/
Attachment:
signature.asc
Description: Message signed with OpenPGP using GPGMail
Current thread:
- Re: DMARC -> CERT?, (continued)
- Re: DMARC -> CERT? Private Sender (Apr 17)
- Re: DMARC -> CERT? Michael Thomas (Apr 17)
- Re: DMARC -> CERT? Valdis . Kletnieks (Apr 17)
- Re: DMARC -> CERT? Michael Thomas (Apr 17)
- Re: DMARC -> CERT? Miles Fidelman (Apr 17)
- Message not available
- Re: DMARC -> CERT? Larry Sheldon (Apr 16)
- Re: DMARC -> CERT? Jim Popovitch (Apr 16)
- Re: DMARC -> CERT? Miles Fidelman (Apr 14)
- Re: DMARC -> CERT? John Levine (Apr 14)
- Re: DMARC -> CERT? Rich Kulawiec (Apr 14)
- Re: DMARC -> CERT? Leo Bicknell (Apr 14)
- Re: DMARC -> CERT? Miles Fidelman (Apr 14)