RE: DEPLOY: Sender-ID provides little or no defence against adapt ive threats

["Hallam-Baker, Phillip" <pbaker@xxxxxxxxxxxx>]

Even if we end up with spammers using disposable domains it will
mean a major switching cost for every message variant. In effect
the use of hash busters will be completely negated.

Saying that Sender ID will not work because of the throaway domain 
problem is like saying that it is pointless putting locks on your
doors because a burglar can break a window. In the real world breaking
windows creates noise and leads to burglars being caught.

> -----Original Message-----
> From: owner-ietf-mxcomp@xxxxxxxxxxxx
> [mailto:owner-ietf-mxcomp@xxxxxxxxxxxx]On Behalf Of Anne P. Mitchell,
> Esq.
> Sent: Friday, September 03, 2004 4:55 PM
> To: IETF MARID WG
> Subject: RE: DEPLOY: Sender-ID provides little or no defence against
> adaptive threats
> 
> 
> 
> 
> > Anne P. Mitchell wrote:
> > >cf. CipherTrust's study released this week in which >50% of the 
> > sources
> > >for all email surveyed which published SPF records were spammers.
> > >
> > >http://www.infoworld.com/article/04/08/31/HNspammerstudy_1.html
> >
> > Just so there is no confusion... this is good news for SPF, not bad 
> > news.
> >
> 
> Absolutely, completely agreed!  I should have elaborated.  As I have 
> said in various public posts (elsewhere), if spammers want to tie 
> themselves to their sites by authentication, that's a *good* 
> thing.  My 
> points are that a) spammers will adopt whatever is out there, and in 
> this instance b) spammers are stupid - by adopting what they 
> *think* is 
> an anti-spam protocol to help get their spam through, they 
> are actually 
> raising their hands and saying "here I am!"
> 
> Anne
>