[Asrg] Receiver Initiated Authentication
Dotzero
dotzero at gmail.com
Mon Sep 17 16:41:25 EDT 2007
On 9/17/07, SM <sm at resistor.net> wrote:
> At 11:12 17-09-2007, Chris Lewis wrote:
> >Freudian slip? ;-)
>
> No. :-) I was merely pointing out why every new measure introduced
> gets circumvented.
>
> >I can't help thinking that spammers will have a field day spamming
> >themselves with forged, say, @hotmail.com, doing the captchas to
> >"approve" bogus IPs, and then firehosing the world with what would
> >now verify. The Nigerian 419 hordes would have fun.
>
> Or they could push more authenticated mail through as they already
> control the user's computer.
>
But if they did try to push more "authenticated" mail it becomes the
ISP or companies issue because SPF authenticates the domain, not the
user. In fact, the port 25 approach does have certain advantages in
terms of reputation and accountability. If this were to play out I
think we would see more "walled gardens"
More information about the Asrg
mailing list