[unisog] Good spam forgery getting me.

Andy Feldt feldt at nhn.ou.edu
Thu Dec 16 21:10:16 GMT 2004


Russell Fulton wrote:

> The only way to combat this sort of trickery is by using crypto to
> verify that the message really did pass though the MTA as claimed.
> (signature based on PK encryption of message ID?  No I'm not advocating
> this! It would probably create more problems than it solves)

There is already a project which does something close to this.  Take a
look at the description of SPF (Sender Policy Framework) at:

   http://spf.pobox.com/

It is not a cureall, but could be one of the pieces that helps solve
the puzzle.  Note that you must also implement SRS (links at the
above site) to deal with forwarding e-mail.  But, it may be a small
price to pay given the other costs involved with the current situation.

Andy
---
Andy Feldt
Senior System Support Programmer
Affiliate Assistant Professor
Department of Physics and Astronomy
The University of Oklahoma




More information about the unisog mailing list