[lug] Getting mail out of the Qwest/MSN mire

Sean Reifschneider jafo at tummy.com
Sun Jul 9 13:28:36 MDT 2006

On Sat, Jul 08, 2006 at 11:52:04PM -0600, Nate Duehr wrote:
>authenticated.  REAL authentication.  Down to the person who sent it,  
>or entity, either one of which makes for a great filter object.

I understand what you're saying.  The point I'm making is: what good does
knowing who sent a message do?  Are you saying that you would reject all
e-mail from anyone you haven't whitelisted?  That's absolutely doable today
without signing.

Are you saying that one person cannot ever get more than one key?
What if that key gets stolen?  Hey, I know, let's use your social security
number to authenticate you!  If they can get more than one key, what
is to prevent spammers from obtaining many keys, which make them look
like many people?

Sure, I can blacklist the entire Interweb, and then whitelist only the
people I want to hear from.  That will make my e-mail virtually spam-proof.
It will also make it nearly impossible for you to communicate with anyone

Authentication to the sending "entity" doesn't really help, we already have
authentication to the sending entity of Yahoo and QWest DSL users, and
that's how this whole discussion got started.

>>>Every mail server that touches a message should also digitally
>>>sign/stamp the message.
>Because those TRANSPORTING the spam message also can then be known.   
>Why not?

In most cases for the spam I get, that's easily available.  The hop that
sent the message to me is either the end user or the transport, I don't
really care about the other hops it may have taken along the way.  Usually
there aren't many hops anyway.

 Do you think reading about cowboys is sufficient to ride a horse?
 Like horses, real programs tend to throw you.  -- John Shipman, 1997
Sean Reifschneider, Member of Technical Staff <jafo at tummy.com>
tummy.com, ltd. - Linux Consulting since 1995: Ask me about High Availability

More information about the LUG mailing list