North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Micorsoft's Sender ID Authentication......?

  • From: J.D. Falk
  • Date: Wed Jun 08 01:50:59 2005

On 06/07/05, John Levine <[email protected]> wrote: 

> Shameless plug: over in the anti-spam research group at I
> sure would like it if people were working on reputation systems to
> plug the gaping hole left by all these authentication schemes.

	Not sure if it's a "gaping hole," so much as an unfortunate fact
	that sender reputation is already proving to be even harder to 
	standardize than how to confirm the identity of a sender.

	We can't have reliable reputation until we know who the mail is
	coming from -- so reliable identity is a necessary first step.

	Operationally, this means that ISP's can't yet abandon whatever
	reputation systems they already have in place (most of which are
	based on the source IP address, or on in-message criteria.)  But
	they can (and should) start testing whichever verification
	scheme best fits their mail flow patterns, so that all of our
	internal reputation engines can start evolving.

J.D. Falk                                              blong! you are a pickle!
<[email protected]>