Re: Public Policy and Consumer ISP Hygiene (was Comcastpop-ups)

[Nick FitzGerald <nick () virus-l demon co uk>]

chris () blask org wrote:

<<..>>
> IMHO, a sender-authentication system that runs over SMTP and allows at
> least *some* mail to be highly-verifiable as known-good - and that was
> easy to adopt at the user level - could spread like wild fire and drive
> adoption and refinement thereby reducing the value of spam to near-zero.
>  (fwiw I think this would require some amount of strong auth to work at
> all) 

Ummmm -- given the huge number of compromised client machines out 
there, and the multiplier of each such machine giving up N email 
account details (ISP, work or school, free webmail, one for most IM 
services the user is registered with, etc, etc) per legit user of the 
machine (2, 3, 4, 5, ??? per PC for a typical "home computer"), you see 
being able to "strongly authenticate" some, even any Emails from that 
system as BOTH possible and sufficiently user friendly that it might 
actually be used by more than a tiny fraction of the really most nerdy 
of IT techie types (who have other easier/more ingrained methods at 
their own disposal now)?

Really?

What _are_ you smoking?



Regards,

Nick FitzGerald


_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.