[Dshield] AOL and Yahoo to change for mail delivery
Johannes B. Ullrich
jullrich at sans.org
Mon Feb 6 21:12:23 GMT 2006
Charles Hamby wrote:
> If this becomes widespread I wonder how long it will take the spammers to
> come up with a way to forge the "postage" to bypass AOL and Yahoo's spam
> filters. Does anyone of a resource that discusses how this is supposed to
> be implemented, as opposed to the sound bytes I've been seeing so far?
there are decent ways to authenticate the sender in cases like this. Eg.
a cryptographic header like the 'sender key' Yahoo uses. Don't think
this is "fakeable", or if the private key should leak its not to hard to
setup a new one if there are only few parties involved.
Johannes Ullrich jullrich at sans.org
Chief Research Officer (617) 639 5000
PGP Key: https://secure.dshield.org/PGPKEYS
"We use [isc.sans.org] every day to keep on top of
security at our bank" Matt, Network Administrator.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 256 bytes
Desc: OpenPGP digital signature
Url : http://www.dshield.org/pipermail/list/attachments/20060206/afb1c638/signature.bin
More information about the list