OpenBSD Journal

Internet Task Force Shuts Down Anti-Spam Working Group

Contributed by grey on from the hopefully it's a light at the end of the tunnel and not a train dept.

Thanks to andrew fresh for keeping tabs on things and writing in with:

It looks like Sender ID is working its way to being a non-issue as mentioned by eWeek. They have disbanded the group in charge of coming up with the standard.

"Citing a lack of agreement on basic issues in the discussions of the working group, the IETF (Internet Engineering Task Force) has disbanded the MARID (MTA Authorization Records In DNS) working group. The group had been working to create a standard for mail authentication for the fight against spam, mail worms and other e-mail abuse."


Comments
  1. By thrashbluegrass (68.50.4.145) thrashbluegrass at antisocial daht com on

    Really, about the only way to deal with spam (which, due to the marketing potential, is always going to exploit new technologies /just/ faster than the rest of the world can respond) is to whitelist your incoming mail.

    An imperfect solution, as many of us who use the internet to conduct business with organizations with whom we have legitimate business can't be assured of a single address of origin for replies to our mail; perhaps whitelisting that domain would suffice, but open the door to spoofed addresses.

    Not a deep or eloquent post, yeah, but hell, I've been up for 30 hours.

    Comments
    1. By Anonymous Coward (66.92.213.4) on

      You know it works surprisingly well... At work we have a spam to 'good' email ratio of 1000:1 ... It's freaking unreal. Although we currently use GFI (Exchange shop :| ), one day we'll go to spamd...

      Anyways Email certs & whitelists work the vast majority (99.9%) of the time...!

    2. By thrashbluegrass (68.50.4.145) thrashbluegrass at antisocial daht com on

      Although I wasn't expecting to get a glut of responses gushing that I'd found the most amazing new thing in the war on spam, I didn't expect to get the negative modding that I seem to have garnered.

      For those who've modded me down, would you be willing to let me in on your reasons for doing so, or at least engage in a discussion of the issue?

      Comments
      1. By Anonymous Coward (62.212.99.239) on

        Your original comment is actually off-topic. You talk about spam. SenderID or SPF are concerned with address spoofing. That's all. Not spam. You advocate whitelisting to fight spam (which I think is not a good idea btw.), but whitelisting based on what? Domain name? Then you need a way to verify that the e-mail really comes from the purported domain, and SPF can help. After that, you can apply whatever whitelist/blacklist/black magic you like.

        Comments
        1. By Anonymous Coward (69.197.92.181) on

          No, it wasn't off-topic. The subject of the news item posted even mentioned it was the anti-spam workgroup that was shut down.

          "The group had been working to create a standard for mail authentication for the fight against spam, mail worms and other e-mail abuse."

        2. By CFB (63.255.174.162) on

          I thought he was advocating white-listing as a result of first grey-listing. Not the grey-listing that employs a time delay before accepting a subsequent delivery re-attempt from a new sender of a message (since most spam doesn't bother to retry sending the message later after having received a protocol error), but the grey-listing where an email from first-timers is auto-replied to with a message containing a link that needs to be clicked before the original message is delivered and the first-timer is then added to a whitelist (probably the first-timer's email address only, but perhaps a combination of their email address and IP address).

      2. By Anonymous Coward (205.240.34.204) on

        "Although I wasn't expecting to get a glut of responses gushing that I'd found the most amazing new thing in the war on spam, I didn't expect to get the negative modding that I seem to have garnered.

        For those who've modded me down, would you be willing to let me in on your reasons for doing so, or at least engage in a discussion of the issue?"

        Not everyone reading shares your attitude that whitelists are the only way to prevent spam. It might be acceptable for you, but not for many of us, i.e. we disagree. We see merit and successes in pursuing other means to prevent spam.

        Having said that, it does seem like an abuse of the modding system to use it as a measure of approval instead of troll prevention.

    3. By tedu (67.124.149.12) on

      i hope you're not one of the numbnuts who posts to lists and then blocks the replies. like i'm gonna respond to some magic password email just so someone can read an email that they asked i send them? please...

  2. By Anonymous Coward (62.140.74.37) on

    a task force was set up to work out a way a user could avoid spam???

    thats extremely simple! :
    1. dont use outlook express
    2. observe email netiquette (send mail to friends, family and colleagues via bcc OR create and send to groups)
    3. avoid publishing your email address on the net
    4. use web services like http://www.bugmenot.com whenever possible
    5. use email services such as http://www.dodgeit.com whenever possible

    of course, if a task force was setup to educate the masses for the above list, that would have been a productive use of assets and time. (if one user gets educated, thats a success!)

    disclaimer: i just said dont use outlook express, NOT use XXX mail client

    Comments
    1. By tedu (66.93.171.98) on

      "1. dont use outlook express"

      ok, i don't. but guess what? i still get piles of spam. i could maybe see the outlook vuln -> zombie -> spam sender connection, but on the receiving end, nope.

      "2. observe email netiquette (send mail to friends, family and colleagues via bcc OR create and send to groups)"

      how does this help?

      "3. avoid publishing your email address on the net"

      this one's kinda hard if you send email to a mailing list.

      "4. use web services like http://www.bugmenot.com whenever possible"

      i register for every online service with a different email (primarily for filtering). and yet, 99% of the spam i receive is destined solely for tedu.

      "5. use email services such as http://www.dodgeit.com whenever possible"

      uhm, so anyone can read my mail? i'll pass.

  3. By Bob Beck (68.148.128.240) beck@openbsd.org on

    The real reason it's toast is that it doesn't stop spam. All SPF and caller id ever did was help the big guys like AOL and microsoft make it harder for spammers to spoof their own addresses. Since it's not all that terribly hard to set up a DNS server with a couple thousand throwaway domains in it, of course it won't stop spam!

    This was all made pretty obvious to me with people clamoring to me to add SPF support to spamd in OpenBSD - I tried a little experiment. I have a machine that gets about 10,000 greylist connections an hour. Using that I wrote a little perl script to walk the greylist and blast entries sent with stuff that didn't match spf, as per the spec. Basically, it didn't do much at all, on 35,000 greylist entries (4 hour timeout remember) it might remove about 20 - piddly nothing.

    Interestingly though, many more of those connections which in looking at them in detail - about a thousand or more, which were *mostly* spam, DID have spf records published. The actual more effective algorithm for spam prevention (as of at least a week ago) was that if it wasn't pobox, aol, or msn, and it had spf information in the DNS, assume that it *WAS* spam, as opposed to not being spam. Really! Basically the spammers are adopting it much faster than anyone else, because like the spec says, it doesn't prevent spam, however with people using it that way, if the spammers publish spf records their spam is much more likely to get through.

    -Bob
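
The kind of greylist walk described in the comment above, as an added example (not Bob Beck's perl script and not part of spamd). It assumes the `GREY|ip|helo|from|to|...` line layout of spamdb(8) output, uses constructed entries and a constructed table in place of DNS, and evaluates only the `ip4:` and `all` SPF mechanisms rather than the full specification.

```python
import ipaddress

# Constructed sample data. Field layout assumed from spamdb(8) output:
# GREY|ip|helo|from|to|first|pass|expire|block|pass
GREYLIST = """\
GREY|192.0.2.10|mail.example.net|<bob@example.net>|<u@example.org>|1096000000|1096001500|1096014400|1|0
GREY|198.51.100.7|mx.throwaway1.example|<deal@throwaway1.example>|<u@example.org>|1096000100|1096001600|1096014500|1|0
GREY|203.0.113.99|host.example.net|<alice@example.net>|<u@example.org>|1096000200|1096001700|1096014600|1|0
GREY|203.0.113.5|pc.nospf.example|<joe@nospf.example>|<u@example.org>|1096000300|1096001800|1096014700|1|0
"""
# Stand-in for DNS TXT lookups so the example runs offline (constructed records).
SPF_TXT = {
    "example.net": "v=spf1 ip4:192.0.2.0/24 -all",
    "throwaway1.example": "v=spf1 ip4:198.51.100.0/24 -all",  # spammer-owned domain
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def check_spf(ip, domain, records):
    """Simplified SPF check: handles only the ip4: and all mechanisms."""
    terms = records.get(domain, "").split()
    if not terms or terms[0] != "v=spf1":
        return "none"                      # domain publishes no SPF policy
    addr = ipaddress.ip_address(ip)
    for term in terms[1:]:
        qual = term[0] if term[0] in QUALIFIERS else "+"
        mech = term.lstrip("+-~?")
        if mech == "all":
            return QUALIFIERS[qual]
        if mech.startswith("ip4:") and addr in ipaddress.ip_network(mech[4:], strict=False):
            return QUALIFIERS[qual]
    return "neutral"

def classify(greylist_text, records):
    """Map (ip, envelope sender) -> SPF result for every GREY entry."""
    results = {}
    for line in greylist_text.splitlines():
        fields = line.split("|")
        if len(fields) < 5 or fields[0] != "GREY":
            continue
        ip, sender = fields[1], fields[3].strip("<>")
        domain = sender.rpartition("@")[2].lower()
        results[(ip, sender)] = check_spf(ip, domain, records)
    return results

def removable(results):
    """Entries an SPF-based pruner would drop: explicit 'fail' only."""
    return sorted(key for key, verdict in results.items() if verdict == "fail")

if __name__ == "__main__":
    for key, verdict in classify(GREYLIST, SPF_TXT).items():
        print(key, verdict)
```

Only the spoofed `example.net` sender is removable; the throwaway domain passes because its owner published a matching record, so a pass authenticates the sending host for that domain and says nothing about whether the mail is wanted.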
