Robert Lemos, SecurityFocus 2006-04-20
A host of software companies, security firms and Internet service providers met in Chicago on Wednesday to urge corporations and bulk message senders to adopt e-mail authentication technologies.
Colapse all |
Post comment
E-mail authentication gaining steam
2006-04-20
Todd Knarr (2 replies)
Todd Knarr (2 replies)
Re: E-mail authentication gaining steam
2006-04-20
Anonymous (4 replies)
Anonymous (4 replies)
Good Point!
But also notice that this effort (if successfull) may deter spoof emails which are of more serious concern.
Alok Tilavat...
[ more ] [ reply ]
But also notice that this effort (if successfull) may deter spoof emails which are of more serious concern.
Alok Tilavat...
[ more ] [ reply ]
Re: Re: E-mail authentication gaining steam
2006-04-21
Anonymous (1 replies)
Anonymous (1 replies)
But could this not also create problems for legitimate email as well?
For example, you use a high speed ISP that does not provide hosting services. That same ISP blocks remote port 25 access.
So, your domain name is hosted elsewhere, and you try to send email using your domain name...
and....
[ more ] [ reply ]
For example, you use a high speed ISP that does not provide hosting services. That same ISP blocks remote port 25 access.
So, your domain name is hosted elsewhere, and you try to send email using your domain name...
and....
[ more ] [ reply ]
Re: Re: Re: E-mail authentication gaining steam
2006-04-29
Anonymous
Anonymous
If your isp blocks outbound port 25 it will be rejected anyway.
I guess you mean your forced to send via your isp's outbound mailservers, in which case you need to add those mailservers to your spf record.
This does mean that other people using your isp's outbound mailservers can send email cl...
[ more ] [ reply ]
I guess you mean your forced to send via your isp's outbound mailservers, in which case you need to add those mailservers to your spf record.
This does mean that other people using your isp's outbound mailservers can send email cl...
[ more ] [ reply ]
Re: Re: E-mail authentication gaining steam
2006-04-25
Todd Knarr
Todd Knarr
Perhaps. But with bot-nets, why would the phishers NEED to spoof addresses? Just send those fake e-mails from a compromised machine within the company you want them to appear to be from. That's just a logical extension of something we've already seen happen: the old advice about "don't open e-mail f...
[ more ] [ reply ]
[ more ] [ reply ]
Re: E-mail authentication gaining steam
2006-04-29
Anonymous
Anonymous
Your slightly missing the point - at the moment we ONLY have ip addresses to go on when tracing spammer.
At the moment spammers can choose ANY domain name to claim to send there spam from, but when email authentication is wide spread they will have to choose a domain that they can configure to al...
[ more ] [ reply ]
At the moment spammers can choose ANY domain name to claim to send there spam from, but when email authentication is wide spread they will have to choose a domain that they can configure to al...
[ more ] [ reply ]
Incorrect statement
2006-04-21
Dotzero (1 replies)
Dotzero (1 replies)
From the article:
"authenticates e-mail by checking the address of the sending server against a record added to domain name servers. "
This is factually incorrect. SID absolutely does not validate the sending server.
SPF1 records make an assertion that is in the RFC2821 (Transport) space fo...
[ more ] [ reply ]
"authenticates e-mail by checking the address of the sending server against a record added to domain name servers. "
This is factually incorrect. SID absolutely does not validate the sending server.
SPF1 records make an assertion that is in the RFC2821 (Transport) space fo...
[ more ] [ reply ]
Targeted Distributed Proxy Spam Mailbombing
2006-04-21
An Observer
An Observer
Unfortunately, authenticating the sender only solves part of the problem of junk mail.
Many commercial enterprises have web sites where interested customers can expressly request information by phone, e-mail, or US mail.
Unfortunately, these sites are easily exploited to generate spam by proxy...
[ more ] [ reply ]
Many commercial enterprises have web sites where interested customers can expressly request information by phone, e-mail, or US mail.
Unfortunately, these sites are easily exploited to generate spam by proxy...
[ more ] [ reply ]
E-mail authentication gaining steam
2006-04-21
Kellstr
Kellstr
I have been asked several times by my organizations director why an e-mail he didn't send was received by another user. When I look at the headers it obviously did not come from our netwrok. If authentication worked that would be one less headache I would have to face (until one of our machines got ...
[ more ] [ reply ]
[ more ] [ reply ]
E-mail authentication gaining steam
2006-04-24
Anonymous
Anonymous
postfix.org is what we (www.sjobeck.com) use as the internet-facing point in ingress for all, and all our client's, email, and it works like a dream. I highly advise more organizations get someone who knows Linux or *BSD to throw postfix on to, and put it in front of your Exchange/GroupWise/etc/etc/...
[ more ] [ reply ]
[ more ] [ reply ]
Spam Solved Tomorrow
2006-05-12
Anonymous
Anonymous
Spam could be extinct tomorrow if everyone adopted a proof of work system like Hashcash. Hashcash requires that email consume some amount of processor time (say a tenth of a second) that can be transparent to a legitimate user but devastating to spammers. It's decentralized: it works without a centr...
[ more ] [ reply ]
[ more ] [ reply ]
[ more ] [ reply ]