[Spambayes] RE: Yahoo's "domain keys" and spam

Atom 'Smasher' atom at suspicious.org
Sat Dec 13 00:10:11 EST 2003


i haven't found many technical reports on yahoo's plan, but i suspect that
some of the failures in it are:

  1) a paying (or theiving!) customer of XYZ-ISP sends spam, and it's
"authenticated". this can happen either through a virus or a "make money
at home with your computer!" scheme.

  2) domains names and hosting are cheap. it would be a slight hurdle for
spammers to register new domain names through ISPs and "hit & run" that
server, ISP, domain name... depending on how the system is set up.

  3) spam-houses that consider themselves to be legit will have no problem
sending "authenticated" spam.

so, the system will likely have the effect of not only blocking non-spam
email, but giving a green light to a large volume of "authenticated" spam.
which brings us back where we started...  RBLSs, filtering, etc... but
with some added overhead to maintaining an SMTP server.

that's my $0.03 (adjusted for the falling dollar).


 PGP key - http://smasher.suspicious.org/pgp.txt
 3EBE 2810 30AE 601D 54B2 4A90 9C28 0BBF 3D7D 41E3

	"Politics is the art of preventing people from taking part
	 in affairs which properly concern them."
		-- Paul Valery

More information about the Spambayes mailing list