Mossberg Takes On Copy Protection >>
<< Banks Focused On Startups Upset That Others...
 tdicon 


Email

by Mike Masnick

Wed, Oct 19th 2005 9:23pm





Maybe We Should Just Trash All Authenticated Email

from the one-way-to-fix-spam dept

For the most part, sender authentication techniques have been a joke. The early adopters were spammers themselves. While some people claimed this meant that those spammers were "outed" it doesn't seem like anyone actually did much about them. Now, though, a marketing trade group is requiring its members to start using sender authentication techniques in any marketing emails. While this may seem like a way to further give these authentication systems legitimacy, it might actually do the opposite. Suddenly, all the marketing messages that people get will be authenticated as well -- and since many people consider even these more "legitimate" messages as spam, it may just reach a point where an authenticated message is an indicator that the email message is not wanted.

9 Comments | Leave a Comment..


If you liked this post, you may also be interested in...
 

Reader Comments (rss)

(Flattened / Threaded)

  1.  

    This is only a problem if...

    identicon
    Jesse McNelis, Oct 19th, 2005 @ 10:38pm

    This is only a problem if people continue to send unauthicated emails.
    The email authication is quite important but just like SSL doesn't create trust it only allows for trust to be maintained.
    ie. if a spammer sends you an email you can verify that it came from the spammer, but this is no reason to trust the spammer.

    reply to this | link to this | view in thread ]

  2.  

    You should know better

    identicon
    Nate, Oct 19th, 2005 @ 11:22pm

    Why does everyone think e-mail authentication is an anti-spam technique? It’s purpose is clear: to prevent forgeries, i.e. authenticate the sender.

    There is some overlap between that and the spam world, but not much. I think a lot of big companies want to use it to ensure that nobody abuses their domain name and/or trademark.

    reply to this | link to this | view in thread ]

  3.  

    Re: You should know better

    icon
    Mike (profile), Oct 19th, 2005 @ 11:56pm

    That's re-writing history. The companies behind sender authentication have been pitching it as an anti-spam technique from the very beginning. And, while it's clear that it's NOT an anti-spam technique, the reason we're pointing it out is because it was sold as one.

    reply to this | link to this | view in thread ]

  4.  

    Re: You should know better

    identicon
    Jesse McNelis, Oct 20th, 2005 @ 2:51am

    It works fine as an anti-spam system.
    Set your mail server to only accept authicated emails, then block emails that come from domains owned by spammers.
    Although, SenderID's little computational puzzles are a much better idea for preventing spam.

    reply to this | link to this | view in thread ]

  5.  

    Re: You should know better

    identicon
    Tim, Oct 20th, 2005 @ 3:02am

    Let Bayes and SA sort it out as a rule. Do the naive-Bayes twist on it: analyze what proportion of authenticated mails are ham or spam in a suitably huge corpus, and then deal with reality. :)

    reply to this | link to this | view in thread ]

  6.  

    Re: You should know better

    identicon
    Pete Austin, Oct 20th, 2005 @ 3:50am

    Ditto Nate's comment. The main value of authentication systems such as SPF is against fake emails (Joe Jobs and Phishing) and email virusses.

    Their main anti-spam impact could be indirect, because they will make it more difficult to recruit botnets which are apparantly the source of most spam.

    reply to this | link to this | view in thread ]

  7.  

    Re: You should know better

    identicon
    Anonymous Coward, Oct 20th, 2005 @ 8:11am

    Ok, I'll just set my server to only accept authenticated emails - then i'll start missing over half of all legit mail that comes to me.

    oh, ok, then i'll block all email from servers owned by spammers - because that's not a huge moving target or anything.

    the problem won't get fixed. use a junk mail filter and get on with your lives.

    reply to this | link to this | view in thread ]

  8.  

    Re: You should know better

    identicon
    Dana Nowell, Oct 20th, 2005 @ 10:25am

    Actualy it IS one if implemented with certain simple additions. Specifically, if I KNOW the email came from address X (authenticated) and I know that address sends SPAM, I can blacklist that address in my mail agent. Sendmail, postfix, and most others have the concept of an access list. Add that domain to the access list with a 'deny', problem solved.

    reply to this | link to this | view in thread ]

  9.  

    Re: You should know better

    identicon
    Anonymous Coward, Oct 20th, 2005 @ 12:53pm

    'problem solved'
    spammers churn throught servers by the thousands - constantly buying new blocks of IPs and domain names. the black list will ALWAYS be behind the curve, it is impossible to catch up. you will ALWAYS receive spam.
    sender authentication is a complete waste of time and resources and only:
    1) helps the spammers
    2) prevents more legit mail from being delivered (stupid aol)

    not a difficult concept!

    reply to this | link to this | view in thread ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Save me a cookie
  • Note: A CRLF will be replaced by a break tag (<br>), all other allowable HTML will remain intact
  • Allowed HTML Tags: <b> <i> <a> <em> <br> <strong> <blockquote> <hr> <tt>


Mossberg Takes On Copy Protection >>
<< Banks Focused On Startups Upset That Others...
 tdicon 

A word from our Sponsors...
Follow Techdirt
Flattr rss rss

Powered by Postrank

From the Techdirt Archive...
A word from our Sponsors...

Close

Email This