IETF Decides On SPF / Sender-ID issue 269
Zocalo writes "The MARID working group at the IETF responsible for deciding on which extensions to SMTP will be used to try and prevent spoofing of the sender has made their decision. At issue was whether Microsoft's patent encumbered Sender-ID would be eligable for inclusion in an Internet standard. An initial analysis of the text of their decision, available here with a brief analysis, would suggest not. Unless Microsoft is going to make any dramatic concessions out of desperation, that pretty much clears the way for Meng Wong's Classic SPF to become the standard and hopefully make Joe-Jobs at thing of the past."
I saw spammers are ready for this (Score:4, Interesting)
Re:I saw spammers are ready for this (Score:5, Informative)
Re:I saw spammers are ready for this (Score:5, Informative)
While not designed to stop spam, I'm more than sure spam was a big consideration. Certainly it impacts on spam - either spammers have to use domains the have bought - which leaves a paper trail most spammers would rather didn't exist or not use SPF. If they are using SPF it makes using 0wned computers for bulk mailing a lot more difficult - either they need to do a DNS update for every new machine, ot use -all in the spf record, a flag that would probably then be used by spamassassin to increase the spam score.
You are correct in that SPF won't stop spam, but to suggest that it's not another tool diseigned to be used against spammers is, however, wrong.
Re:I saw spammers are ready for this (Score:3, Insightful)
The other alternative has been possible for a long time, and that's to use a web of trust built on a keyserver and re
Re:I saw spammers are ready for this (Score:4, Insightful)
Trouble is that this is a greed train run amok for people like Verisgn. $3000 fees per server (or whatever the marker will bear), etc.
Re:I saw spammers are ready for this (Score:4, Interesting)
Let me explain:
Most major ISPs here in the US have already shut down outgoing 25. This means even if you have a hosted domain that allows you to use the host's smtp server, you can't (without jumping through hoops). You have to send through your ISPs smtp server.
Most large ISPs run only a few smtp domains, for example east.smtp.ISP.com, west.smtp.ISP.com.
With that being said, even if SPF was 100% rolled out, how many domains would have east.smtp.ISP.com SPF records?
I'm guessing thousands.
Anyone with access to these few servers (100s of thousands I'm guessing) would be "authorzied" to send mail for any one of these domains.
The problem will only increase as the number of major home providers decreases.
SPF relies on a low smtp/domain ratio, which just can't be guaranteed.
SPF is NOT about... (Score:5, Informative)
Re:SPF is NOT about... (Score:5, Insightful)
Re:SPF is NOT about... (Score:3, Interesting)
Re:I saw spammers are ready for this (Score:5, Interesting)
This means all the spam that comes from AOL and Hotmail accounts that don't actually leave from there servers would be bounced at your mail servers. At this point in time, if everyone used SPF, my guess is that at least 50% of spam would be blocked.
Of course, spammers are going to register domains to use for spamming and set SPF records so that their mail appears legit to the SPF filters.
You're probably thinking, "What's the point?" Well, it's easier to understand if you have ever hosted a domain that has been either blacklisted or had an increase in bandwidth charges because of millions of bouncebacks due to spammers using a FROM address in your domain.
Re:I saw spammers are ready for this (Score:2)
Re:I saw spammers are ready for this (Score:3, Interesting)
There are several possibl
I love it (Score:5, Insightful)
I don't love it. :-< (Score:4, Informative)
First off, the co-chairs message is so murky and confusing that about a half dozen of us have asked for clarifications about what the heck they are saying.
Far from ruling against MS, it appears to me that the co-chairs have give the green light to advance the patent encumbered PRA algorithm and they are saying that the IETF working group will not consider any replacement for the PRA since it might infringe on MS's patent.
Within a matter of seconds after Chuck first posted this story, I told him I thought he had gotten it totally wrong. Chuck agreed that the jig many not be up, reworded the very end of the story (RTFA) and sent email to the co-chairs. To the best of my knowledge, the co-chairs have not responded to any of us who have asked for clarification.
Re:One little problem ... (Score:2)
Desktops are irrelevant here.
Re:I love it (Score:3, Insightful)
Standards == Monopoly?? (Score:5, Interesting)
Re:Standards == Monopoly?? (Score:5, Informative)
Here's for more information about the official IPR position of the IETF:
http://www.ietf.org/ipr.html [ietf.org]
Re:Standards == Monopoly?? (Score:5, Insightful)
On the other hand if the majority of Email servers are F/OSS, and F/OS doesn't adopt it because of the patent, it doesn't make sense to support it anyway. You suddenly appear to be in MSFT's pocket.
Being in MSFT's pocket nowadays isn't considered a good thing.
Patents == Monopoly. (Score:3, Informative)
That said, the answer seems to be no. The IETF can adopt a patent-encumbered method as a standard.
As you can see here [ietf.org], there appear to be quite a number of patents which may or may not relate to IETF standards. And you can see that in these cases, it appears that the IETF demands that the patent is licensed on "fair, reasonable and non-discriminatory terms".. whatever that means.
No patents just because not publicly available? (Score:2, Interesting)
And in follow up to the parent's post, I want to ask:
Re:Standards == Monopoly?? (Score:5, Informative)
3.5: "CARP License" and "Redundancy must be free" [openbsd.org]:
It's been said before, but it's worth repeating (Score:5, Insightful)
Microsoft shouldn't be surprised that their patent-encumbered method didn't fly. Remember the whole "burn all GIFs" campaign, when a patent made gif files possibly illegal to use? Now - imagine that mess with your email, and Microsoft holding the reins. Argh.
We've been through the whole embrace-and-extend loop with MS before, and it's nice to see the IETF understand the problems that a patent encumbered standard would produce.
Re:It's been said before, but it's worth repeating (Score:5, Funny)
oh yeah, I remember that really stopped people using Gifs. Especially vigorous in their destruction of gifs because they were patent-encumbered were the kind of people who read this site [slashdot.org]
Re:It's been said before, but it's worth repeating (Score:5, Insightful)
Well, it's not really a problem anymore because the gif patent expired [burnallgifs.org], so they're ok to use now.
But I still think the point is a valid one - and an excellent example of why software patents are a bad idea. I know it's contrary to Slashdot groupthink, but what if Microsoft's implementation is the superior one? (Work with me guys, it's hypothetical) Now, because of the patents, it'll never be used and we'll be missing out on a good thing.
Comment removed (Score:4, Insightful)
Re:It's been said before, but it's worth repeating (Score:4, Insightful)
Because a standard shouldn't be patented.
If you're making a proprietary something-or-other, fine. But this is for an IETF approved standard, which is something that everybody should be able to adhere to.
Having a proprietary standard breaks things. Imagine how much ftp would be used if you had to give some company a nickel every time you used it? Fortunately for ftp, it's royalty free, and that's why it's used. That's the beauty of royalty free standards. Anyone can implement them, and because they're free, anyone can use them.
Re:It's been said before, but it's worth repeating (Score:4, Insightful)
If someone were to patent some software technology that people would find useful and they wanted to license it then that's fine. If someone else didn't want to license it then they can come up with their own technology that acomplishes the same thing. That's what the patent system is for.
But to force patented technology to be licensed by everyone by making it part of a standard is an abuse of the system.
The internet is based on open standards which allows applications on any platform to communicate and interoperate. As soon as you introduce patented technology, some will be willing to pay the royalties and others will not. Once that happens, you have two different protocols that no longer interoperate smoothly and they system breaks down.
Look at what Microsoft already did with HTML, Java, XML, (insert favorite technology here...) by trying to introduce their own "extensions."
Re:It's been said before, but it's worth repeating (Score:3, Insightful)
If you dissagree then please explain how you justify a software patent in light of the following:
You do not need a computer to run software. Absolutely any software can (slowly) be executed mentally. I am a programmer, executing mentally is an integ
Re:It's been said before, but it's worth repeating (Score:2, Informative)
Because
Re:It's been said before, but it's worth repeating (Score:2)
Because the penalties associated with allowing them do so out weigh the benefits.
Software patents have a net negative effect on science and the useful arts.
-- should you question authority?
Re:It's been said before, but it's worth repeating (Score:3, Interesting)
Re:It's been said before, but it's worth repeating (Score:2)
We've all seen how Microsoft can often manipulate standards to force people to use their platforms. Have we learned nothing from history? If Microsoft want's to regain lost trust they should free this from any patents.
Worried... (Score:4, Interesting)
In the case I guess the only option will to be use webmail for any addresses not provided by my ISP. That's a pain...
Re:Worried... (Score:5, Informative)
Your ISP doesn't need to do anything at all.
Re:Worried... (Score:2)
That depends upon the implementation. (Score:3, Informative)
#2. What happens when the SPF record does not exist or does not match is entirely up to the implementation.
Example: SpamAssassin
I can set the rule to add 20 (or any other number) if the SPF doesn't match.
I can set the rule to add 1 (or any other number) if there is not SPF.
It all depends upon which s
Re:Worried... (Score:3, Informative)
This means a configuration pain for my MUA, and the loss of logging I get from using my own MTA to transfer directly to the recipient's MX.
Generally though, I'm supportive of SPF as I believe it will make a difference to the volume of messag
Not over until FAT lady sings (Score:3, Interesting)
Fucking S/W patents. If these had been available 20 years ago the NET would never have been born.
These people are just selfish. They build their bisinesses on the NET backbone, given to them for free and then do everything possible to destroy the vehicle that built it.
Human nature?
Re:Not over until FAT lady sings (Score:2)
Reason #1 That I don't like SPF (Score:4, Interesting)
Yes I know about SRS. (sender rewriting scheme)
SRS is a LAME workaround for the fact that SPF breaks forwarding.
Re:Reason #1 That I don't like SPF (Score:4, Informative)
With my MTA of choice (exim) it's pretty easy to do.
Re:Reason #1 That I don't like SPF (Score:2, Insightful)
Re:Reason #1 That I don't like SPF (Score:4, Informative)
This is a non-issue however, because most sane people that run good email servers do not allow smtp pre-delivery forwarding to take place at all (unless its for messages that are being forwarded to another one of their own servers) as this "feature" (when manipulated correctly) can be used to make their servers into open relays, thus making them into some spammer's bitch.
And yes, for those that need pre-delivery forwarding, there are workarounds available.
Re:Reason #1 That I don't like SPF (Score:2, Informative)
Re:Reason #1 That I don't like SPF (Score:2, Informative)
Not at all. ISPs generally allow customers to send outgoing mail through the ISP server as a relay. This is very common and has nothing to do with open relaying, as it's only permitting relaying from the customer's IPs.
Re:Reason #1 That I don't like SPF (Score:4, Insightful)
Yes, that's true. But what we think of as "forwarding" is really "forging". After all, if I send you an email why should you be able to re-send it to somebody pretending to be me? That's forging my name on it. If you want to forward an email, you can damn well put your name in the From: field. After all, it's from you isn't it? I certainly didn't forward it to the person. Why should the headers say I did?
The fact that we've come to rely on easy forgery for some email applications is no reason to not fix the problem. Mailing lists of course have a similar problem, but there is no reason why email from an email list shouldn't have the email list itself as the sender. It's just convention to do otherwise.
Re:Reason #1 That I don't like SPF (Score:2)
If I forward an e-mail that you've sent to me - using most any e-mail program around - that message will have my address in the "From" line rather than yours.
Re:Reason #1 That I don't like SPF (Score:4, Insightful)
Another reason not to like SPF (Score:3, Insightful)
You are correct, and that's why the SPF/SenderID solutions are off target. SenderID is a bandaid designed to block zombie Windows machines while allowing 'legitimate email advertisers' (*choke*) to continue to spam. Since these solutions are designed for a specific problem, they don't get at the real source of spam.
The whole problem is that there is currently no way for a mail server to determine with certainty that the se
Re:Reason #1 That I don't like SPF (Score:3, Informative)
But the actual problem you're talking about exists when forwarding is done at the MTA level, which is utilized by
Re:Reason #1 That I don't like SPF (Score:4, Informative)
SPF/SRS - Qmail/Mail Toaster Implementation (Score:2)
qmail/Specifically Matt Simmerson's Mail Toaster [tnpi.biz]?
I'm curious [thenetworkpeople.biz] if anyone has taken the time to do this, and also if there is demand out there to have Matt make the toaster SPF/SRS compatible.
I think this seems like a good step in the right direction -- doesn't solve all our mail problems, but atleast slows down a lot of the worm-spam phenomenon; I just don't have the time to piece this all together, so I'm hoping to see it in Mail Toaster sometime soon!
Re:Reason #1 That I don't like SPF (Score:2)
Forwarding is wrong (Score:2, Interesting)
Forwarding is wrong. Always has been. Re-mailing is what should be done in the majority of cases. Mailing lists won't have any problem because the mailing list itself can be the return address, thus not invoking an SPF lookup on the poster herself. Private forwarding is the big issue (e.g. like bigfoot.com) and in these cases SRS and backtracking can be used.
Now do you a constructive suggestion of an alternative to SPF that both supports the kind of forwarding you want to do, and still informs those wh
Re:Reason #1 That I don't like SPF (Score:2)
make sendmail look bad (Score:5, Interesting)
It makes Apache and FSFlook good as they
proved resistance isn't futile.
http://it.slashdot.org/article.pl?sid=04/02/24/
Re:make sendmail look bad (Score:3, Interesting)
This isn't a troll, or at least it isn't meant to be read as one. My point is that Sendmail is a perfect example of exactly what's wrong with unix. Nobody wants to be editing cryptic configuration files to accomplish simple things. Remember the mantra: simple things should be simple, and complex things should be
Will ITEF make a difference? (Score:5, Interesting)
Re:Will ITEF make a difference? (Score:2, Insightful)
Re:Will ITEF make a difference? (Score:4, Interesting)
The only environment where MS's email has a stronghold is in corporate email. I don't think that's sufficient to force a standard. Even in that market, MS only has about 50% of the market [serverwatch.com].
Re:Will ITEF make a difference? (Score:2)
Well, if they own 50% of that market, they are the single largest player in that market. Many small companies won't be reading up on the debate, etc., and will just think it's cool protection for email, so penetration of that 50% market will probably be high.
I have a little vanity domain that I use, and I'm seeing bouncebacks indicating that people are spoofing it daily. This domain is the best way to reach me, though, and it's where my resume points,
Re:Will ITEF make a difference? (Score:4, Interesting)
- tell their client/customer to switch to an MS product if they want to send e-mail to the company; or
- turn off Sender-ID?
I know what I would do.Re:Will ITEF make a difference? (Score:2)
What exactly would microsoft gain from deploying a standard they can't use, because the other 70% or so of the world simply ignores it? They couldn't enforce it on their servers without dumping 80% or so of the legit mail coming
Time to bug DNS hosters (Score:5, Interesting)
Re:Time to bug DNS hosters (Score:2, Informative)
Re:Time to bug DNS hosters (Score:2)
Re:Time to bug DNS hosters (Score:2)
Re:Time to bug DNS hosters (Score:2)
Good. Now let's improve SPF. (Score:5, Interesting)
It occurred to me recently that I could write a separate milter to implement just this one check. It would compare the SMTP-sender against the header-sender, and if they don't match then it would add a header to the message saying "possibly forged". A later step in the delivery process, such as bogofilter, would see this header and weigh it appropriately.
I'm interested in comments on this idea.
Re:Good. Now let's improve SPF. (Score:3, Informative)
Really.
Microsoft want to patent going through a header to see who the message claims to have been sent by - the "Purported Responsible Address" - aka the PRA.
Take a look at the algorithm [ietf.org] they are trying to patent and ask yourself how many times you've done this yourself when trying to figure out where mail came from.
It's like trying to patent an algorithm to find the author of a book: 1) look for a name on the cover 2) look for a name on the sp
Re:Good. Now let's improve SPF. (Score:3, Insightful)
Re: (Score:2)
Re:Good. Now let's improve SPF. (Score:2)
It is absolutely insane to let MS be involved (Score:5, Insightful)
They need to be kept 1000 feet away from any standards setting. Microsoft should only encounter the email standard when they send an email. Anything else is an absurdly bad idea.
If you had to bet, could you honestly bet they wouldn't exploit their license to shut out open source, or (more likely) GPL, now or (more likely) later?
I'd bet your well-cushioned ass they would.
It is hardly a conspiracy theory, when you can open any business section and read about their new patent portfolio manager or the SCO lawsuit. They play dirty, they do it in exactly this way, and everybody knows it.
Letting them taint the standard is bad for other vendors. It's bad for service providers. It's bad for users (read: most of the world's population, individuals and businesses). It's even bad for Microsoft itself.
It is absolutely absurd to have a standards war over email. But now we have to consider it.
Standards bodies may do the right thing. That's great. But what I fear now is that Microsoft will say "OK, you don't want to play our game? That's fine. Have it your way. Just don't bother sending any emails to @microsoft.com or @hotmail.com (and everywhere else we can buy or control) without a patented Caller/Sender ID record."
When they do this, we have to stand in a big line facing them, stare back, grin, and say "your loss."
Get ready...
MS is involved in standards setting... (Score:3, Insightful)
Oh, you mean like DHCP and BootP?
Yeah, that's been a REAL disaster. Encumbered by patents, not cross platform, very secretive...
Christ- I hate MS as much as the next guy, but chill out.
I've always wondered... (Score:2)
Okay there would be an increase in mail traffic, but the eventual benefits, should outweigh that (though I'm very open to the fact that there is probably some fundamental flaw in my idea).
Re:I've always wondered... (Score:3, Informative)
That's not what you'll be thinking when a Joe Jobber effectively slashdots your server: you'll say No to a few people at first before your server melts down.
Besides, this would require a fair amount of stateful information on your mail server- what do you think you should do, store a message digest of each message you send? If so, how long do you store it? When do you get rid of it- first time it's asked for?
Re:I've always wondered... (Score:2)
This would be no different from the current system where you get hundreds of 'undeliverable' messages when someone does a joe job on you. The bandwidth (and storage for all the 'undeliverables') would be improved in those instances.
It would only be any worse for authentic mail.
Re:I've always wondered... (Score:5, Informative)
If your system asks the domain that the mail is supposedly from, then you may as well be using SPF, as it saves on network traffic and gets you the same answer.
Joe-jobs or just forged headers still are a pain (Score:5, Interesting)
This ought to be considered actionable as a DOS attack - if companies start filtering out my domain name, I can't apply for jobs with them, for example. And if my upstream ever gets tired of explaining to idiots to read their headers instead of thinking it's me, then I'll have to hunt for another provider. Even without those reasons, it still takes me time every day to clean out my admin box so I can get my real mail. In fact, because I'm the only person at my vanity domain, and it's part of my online identity, it also ought to be considered slander for someone to pretend to be from my domain, because they're effectively claiming I'm sending these ads, etc.
I hope SPF becomes generally accepted, and soon. I'm afraid it won't, though, because there are millions of people running old copies of MS Exchange, etc., and they probably won't want to pay to upgrade or take the performance hit to authenticate messages this way. Still, if I go ahead and stick the DNS entries in, it might at least prevent some of the damage.
Re:Joe-jobs or just forged headers still are a pai (Score:2)
Re:Joe-jobs or just forged headers still are a pai (Score:3, Interesting)
That's great to hear that you did even that much. I have no doubts tha
Re:Joe-jobs or just forged headers still are a pai (Score:2)
As for ISPs, I'm happy if the big ones block out
Re:Joe-jobs or just forged headers still are a pai (Score:3, Interesting)
Then three weeks ago my ISP shuts off my SMTP access, no warning, no explanation. Now, as it happens my server runs all incoming mail through three or four RBLs, also uses SpamAssassin, has a Bayesian filter system and I use Thunderbird. So after all that filter
Re:Joe-jobs or just forged headers still are a pai (Score:3, Interesting)
That's probably because you shouldn't be bouncing mail like that. If the local address is unknown or the message triggers a spam filter, the mailserver should respond with a 500-series SMTP error (probably 550). Note: this only works on machines receiving SMTP connections directly from the world. If you know there's another machine between you and the world (eg. external server receives mail, queues it and then passes it along to a second machine that runs the spam filters and delivers the mail to mailboxes
Re:Joe-jobs or just forged headers still are a pai (Score:3, Informative)
That's certainly not how I read it (Score:5, Informative)
3. On the issue of ignoring patent claims, the working group has at least rough consensus that the patent claims should not be ignored. Additionally, there is at least rough consensus that the participants of the working group cannot accurately describe the specific claims of the patent application. This stems from the fact that the patent application is not publicly available. Given this, it is the opinion of the co-chairs that MARID should not undertake work on alternate algorithms reasonably thought to be covered by the patent application. We do feel that future changes regarding the patent claim or its associated license could significantly change the consensus of the working group, and at such a time it would be appropriate to consider new work of this type.
Look closely. The wording to pay close attention to is "This stems from the fact that the patent application is not publicly available. Given this, it is the opinion of the co-chairs that MARID should not undertake work on alternate algorithms reasonably thought to be covered by the patent application.".
In other words, we don't know what the patent is, so we shouldn't waste time doing any work an anything that might infringe it. That's significantly different to saying that the original patent-encumbered work won't be accepted, in fact the wording has been very carefuly picked to remain non-committal on that point.
Next, look at an extract from point 4 of the summary: ...With regard to items 3 and 4 above, it is also the opinion of the co-chairs that any attempt by the MARID working group to define any new scopes other than "mailfrom" and "pra" for the SPF syntax will at this time result in failure to find consensus within the working group.
4.
In other words, not only the should the committee not waste its time until all the patent claims are made public, but neither should anybody else try submitting new things until the committee knows what's happening with the current proposals.
I read the summary as a glorified "we can't know what to do as not all claims have been made public, so we'll just put everything off until the claims are fully known". Neither backing for, nor rejection of Sender-ID. And certainly nothing whatsoever about falling back purely onto SPF.
Cheers,
Ian
Re:That's certainly not how I read it (Score:4, Interesting)
It's not too late for Microsoft to change their mind, relax the license terms and waive any patent issues to get Sender-ID accepted. Their problem is that they need to do so quickly or they will be trying to push a proprietary standard onto a group that have already stated they don't want to know and will not implement it. Also, standard or not, adoption of Classic-SPF is proceeding apace and is already functional in most FOSS MTAs and anti-spam systems - for a lot of people the herd mentality is all that applies in selecting a solution.
Re:That's certainly not how I read it (Score:4, Insightful)
With regard to items 3 and 4 above, it is also the opinion of the co-chairs that any attempt by the MARID working group to define any new scopes other than "mailfrom" and "pra" for the SPF syntax will at this time result in failure to find consensus within the working group.
This suggests that PRA actually is an effort which the Working Group will pursue. How can they do so if Microsoft has patented PRA with unknown terms?
I read Microsoft's Intellectual Property Disclosure [ietf.org]. It says that the covered material is:
Both Sender ID: Authenticating E-mail <draft-ietf-marid-core-03.txt>
and Purported Responsible Address in E-mail Messages
in combination.
This does not make clear the exact scope of the PRA patent. It could just cover the one specific sequence of steps in the PRA document. Or it could cover the very idea of scanning the email to find the PRA. Or something in between.
Usually patents are written in a hierarchical manner. First you have the broadest possible claim covering the general idea of what you want to do. Then you have a series of dependent claims which expand on the earlier one(s) by providing more details about how it will work. This gives you the greatest possible coverage while allowing the patent to survive and be useful even if some of the broadest claims are invalidated.
I don't see how the IETF WG can proceed with PRA type algorithms when Microsoft has advised them that PRA is covered by a pending patent. And given that they are doing so, it certainly does not seem like they are rejecting Microsoft's approach.
An Insider's Tale of Sender ID (Score:3, Informative)
Moderated Newsgroups? (Score:2)
Dumb. Real dumb. (Score:3, Insightful)
2) Extend (Pending)
3) ??? (Pending)
4) Profit (Pending)
Thanks for helping MS with Step 1. Wait for changes + patent threats in 3-5 years.
Royalty Free Patent? (Score:2)
MS has said that the patent exists primiarly to protect them from an Eolas, but would it be accpetable To OSS if MS went through a similar route that Theora has gone and granted an irrevociable royalty free licence to any open source implemantation that requests it?
Diplomacy: Patents have to be clear and public (Score:5, Interesting)
It's not over for Microsoft's efforts...though it's very close to being over. The important section that points this out -- with highlighted text -- is below;
They aren't saying that the Microsoft patent (or any patent) is bad...they are saying that it can't be publically reviewed or is not clear enough to make a decision.
This does give Microsoft some wiggle room if they want to 'clarify' what they mean...and in the course of that, possibly elminate the problems they originally introduced.
Microsoft has a choice to either correct the mistakes (by 'clarifying' them) or what they contributed with patent encumberences will not be accepted.
A community of Peers? (Score:3, Interesting)
Looks like the days when every machine was a peer on the Internet is gone in favor of the day when every machine must register with a superpeer (like DNS) to be considered a valid endpoint.
Kinda sucks, if you ask me, to fight spam by ruining the best part of the Internet, ESPECIALLY WHEN THERE ARE BETTER ALTERNATIVES OUT THERE! Look at IM2000 or any similar idea. These would work just as well without requiring me to lose my status as valid endpoint and without me being forced to register with a superpeer, like DNS.
Re:Certificate based sender authentication (Score:4, Insightful)
The problem all around spam is most of the users are just users. Don't understand, don't care, don't want to care. They just spread other people's viruses, spam, etc. without knowing or if knowing don't believeing they do much trouble by using crappy buggy and vulnerable sw.
If I could afford the luxury to devnull all e-mails I receive that are not signed, I would never ever get spam, that's for sure. The problem is one can't easily talk others into GPG.
They would much more easily turn into over-patented Microsoft solutions however crappy or overpatented they would be.
Re:Certificate based sender authentication (Score:3, Interesting)
Re:Certificate based sender authentication (Score:4, Interesting)
domainkeys [sourceforge.net]
It allows the edge mail servers to sign an email, and it does not break email like SPF does.
Re:spoofed? (Score:2)