[81376] in North American Network Operators' Group
Re: Micorsoft's Sender ID Authentication......?
daemon@ATHENA.MIT.EDU (J.D. Falk)
Wed Jun 8 01:50:18 2005
Date: Tue, 7 Jun 2005 22:49:51 -0700
From: "J.D. Falk" <jdfalk@cybernothing.org>
To: nanog@nanog.org
In-Reply-To: <20050608043756.417.qmail@xuxa.iecc.com>
Errors-To: owner-nanog@merit.edu
On 06/07/05, John Levine <johnl@iecc.com> wrote:
> Shameless plug: over in the anti-spam research group at asrg.sp.am I
> sure would like it if people were working on reputation systems to
> plug the gaping hole left by all these authentication schemes.
Not sure if it's a "gaping hole," so much as an unfortunate fact
that sender reputation is already proving to be even harder to
standardize than how to confirm the identity of a sender.
We can't have reliable reputation until we know who the mail is
coming from -- so reliable identity is a necessary first step.
Operationally, this means that ISP's can't yet abandon whatever
reputation systems they already have in place (most of which are
based on the source IP address, or on in-message criteria.) But
they can (and should) start testing whichever verification
scheme best fits their mail flow patterns, so that all of our
internal reputation engines can start evolving.
--
J.D. Falk blong! you are a pickle!
<jdfalk@cybernothing.org>
