[15131] in cryptography@c2.net mail archive
Re: Meander - from "penny black" back to TCB protections
daemon@ATHENA.MIT.EDU (Victor.Duchovni@morganstanley.com)
Fri Jan 2 12:05:24 2004
X-Original-To: cryptography@metzdowd.com
X-Original-To: cryptography@metzdowd.com
Date: Fri, 2 Jan 2004 10:40:29 -0500 (EST)
From: Victor.Duchovni@morganstanley.com
To: Ed Reed <ereed@novell.com>
Cc: cryptography@metzdowd.com
In-Reply-To: <sff3ccf2.041@prv-mail20.provo.novell.com>
On Thu, 1 Jan 2004, Ed Reed wrote:
> I'm curious, Victor - do you use any functions to verify that the
> sender's
> email address is "live" to insure that a valid "reply" is possible?
No, this is not known to scale well to large sites. Also widespread
adoption of sender verification encourages joe-jobbing, for the victim the
torrent of spam bounces and abuse complaints are worse than spam (one of
my users was getting 10000 messages for a while...).
A high quality open proxy/open relay RBL combined with a good spam
detector (Spam Assasin or a commercial offering) are good enough in
practice...
A lot of the damage to email infrastructure associated with spam is caused
by misguided spam-fighters, rather than spam itself.
I am waiting for the law to be enforced, not for CPU waste proofs.
--
Viktor.
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
