Maybe We Should Just Trash All Authenticated Email
from the one-way-to-fix-spam dept
For the most part, sender authentication techniques have been a joke. The early adopters were spammers themselves. While some people claimed this meant that those spammers were “outed” it doesn’t seem like anyone actually did much about them. Now, though, a marketing trade group is requiring its members to start using sender authentication techniques in any marketing emails. While this may seem like a way to further give these authentication systems legitimacy, it might actually do the opposite. Suddenly, all the marketing messages that people get will be authenticated as well — and since many people consider even these more “legitimate” messages as spam, it may just reach a point where an authenticated message is an indicator that the email message is not wanted.
Comments on “Maybe We Should Just Trash All Authenticated Email”
This is only a problem if...
This is only a problem if people continue to send unauthicated emails.
The email authication is quite important but just like SSL doesn’t create trust it only allows for trust to be maintained.
ie. if a spammer sends you an email you can verify that it came from the spammer, but this is no reason to trust the spammer.
You should know better
Why does everyone think e-mail authentication is an anti-spam technique? It?s purpose is clear: to prevent forgeries, i.e. authenticate the sender.
There is some overlap between that and the spam world, but not much. I think a lot of big companies want to use it to ensure that nobody abuses their domain name and/or trademark.
Re: You should know better
That’s re-writing history. The companies behind sender authentication have been pitching it as an anti-spam technique from the very beginning. And, while it’s clear that it’s NOT an anti-spam technique, the reason we’re pointing it out is because it was sold as one.
Re: Re: You should know better
Let Bayes and SA sort it out as a rule. Do the naive-Bayes twist on it: analyze what proportion of authenticated mails are ham or spam in a suitably huge corpus, and then deal with reality. 🙂
Re: Re: You should know better
Actualy it IS one if implemented with certain simple additions. Specifically, if I KNOW the email came from address X (authenticated) and I know that address sends SPAM, I can blacklist that address in my mail agent. Sendmail, postfix, and most others have the concept of an access list. Add that domain to the access list with a ‘deny’, problem solved.
Re: Re: Re: You should know better
‘problem solved’
spammers churn throught servers by the thousands – constantly buying new blocks of IPs and domain names. the black list will ALWAYS be behind the curve, it is impossible to catch up. you will ALWAYS receive spam.
sender authentication is a complete waste of time and resources and only:
1) helps the spammers
2) prevents more legit mail from being delivered (stupid aol)
not a difficult concept!
Re: You should know better
It works fine as an anti-spam system.
Set your mail server to only accept authicated emails, then block emails that come from domains owned by spammers.
Although, SenderID’s little computational puzzles are a much better idea for preventing spam.
Re: Re: You should know better
Ok, I’ll just set my server to only accept authenticated emails – then i’ll start missing over half of all legit mail that comes to me.
oh, ok, then i’ll block all email from servers owned by spammers – because that’s not a huge moving target or anything.
the problem won’t get fixed. use a junk mail filter and get on with your lives.
Re: You should know better
Ditto Nate’s comment. The main value of authentication systems such as SPF is against fake emails (Joe Jobs and Phishing) and email virusses.
Their main anti-spam impact could be indirect, because they will make it more difficult to recruit botnets which are apparantly the source of most spam.