[Dshield] AOL and Yahoo to change for mail delivery

Johannes B. Ullrich jullrich at sans.org
Mon Feb 6 21:12:23 GMT 2006


Charles Hamby wrote:
> If this becomes widespread I wonder how long it will take the spammers to 
> come up with a way to forge the "postage" to bypass AOL and Yahoo's spam 
> filters.  Does anyone of a resource that discusses how this is supposed to 
> be implemented, as opposed to the sound bytes I've been seeing so far?

there are decent ways to authenticate the sender in cases like this. Eg.
a cryptographic header like the 'sender key' Yahoo uses. Don't think
this is "fakeable", or if the private key should leak its not to hard to
setup a new one if there are only few parties involved.



-- 
---------
Johannes Ullrich                        jullrich at sans.org
Chief Research Officer                     (617) 639 5000
http://isc.sans.org
PGP Key: https://secure.dshield.org/PGPKEYS

"We use [isc.sans.org] every day to keep on top of
 security at our bank" Matt, Network Administrator.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 256 bytes
Desc: OpenPGP digital signature
Url : http://www.dshield.org/pipermail/list/attachments/20060206/afb1c638/signature.bin


More information about the list mailing list