Meander - from "penny black" back to TCB protections

Victor.Duchovni at morganstanley.com Victor.Duchovni at morganstanley.com
Fri Jan 2 10:40:29 EST 2004


On Thu, 1 Jan 2004, Ed Reed wrote:

> I'm curious, Victor - do you use any functions to verify that the
> sender's
> email address is "live" to insure that a valid "reply" is possible?

No, this is not known to scale well to large sites. Also widespread
adoption of sender verification encourages joe-jobbing, for the victim the
torrent of spam bounces and abuse complaints are worse than spam (one of
my users was getting 10000 messages for a while...).

A high quality open proxy/open relay RBL combined with a good spam
detector (Spam Assasin or a commercial offering) are good enough in
practice...

A lot of the damage to email infrastructure associated with spam is caused
by misguided spam-fighters, rather than spam itself.

I am waiting for the law to be enforced, not for CPU waste proofs.

-- 
	Viktor.

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com



More information about the cryptography mailing list