Cisco, Yahoo! Tout New Spam Killer: Cryptography
Results 1 to 4 of 4

Thread: Cisco, Yahoo! Tout New Spam Killer: Cryptography

  1. #1
    Member ams2d's Avatar
    Join Date
    Aug 2001
    Location
    Indianapolis
    Posts
    58

    Cisco, Yahoo! Tout New Spam Killer: Cryptography

    http://www.forbes.com/facesinthenews...acescan04.html

    The tech firms announced late Wednesday that they have forged together two means of harnessing cryptography. The hybrid code technology will help determine whether an e-mail sender's address is bona fide or false--as spammers often evade capture via counterfeit addresses--and reject any mail from spurious sources.
    An updated version of the article

    http://www.forbes.com/associatedpres...ap2072572.html


    Wonder how long it will take the spammers to find a way around this.
    Wise men talk because they have something to say;
    fools, because they have to say something.
    Plato

  2. #2
    Master-Jedi-Pimps0r & Moderator thehorse13's Avatar
    Join Date
    Dec 2002
    Location
    Washington D.C. area
    Posts
    2,884
    hybrid code technology will help determine whether an e-mail sender's address is bona fide or false--as spammers often evade capture via counterfeit addresses--and reject any mail from spurious sources.
    I wonder how much of this new wonder code is simple reverse lookups and SMTP RFC compliance.
    Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
    Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden

  3. #3
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,190
    ams2d

    Probably not long, as the concept already exists. I am referring to worms/trojans/viruses, that would use your system and thereby produce an apparently valid address.

    However, on the positive side, as soon as spammers do that they will be breaking a lot more laws in a lot more countries?

    From what I can see of the somewhat brief description, this will at least take a lot of the "amateurs" out of the game?

    I used to play that little game years ago. We would all put a code in the message header for the person we were sending the e-mail to. So if a nasty got into my system and found an e-mail for me from my mate Fred, it would spoof it to you................

    You would look and immediately know that that was not Fred's code for you or even my code for you.............so it wasn't genuine Basically, the sender code did not match.

  4. #4
    Senior Member
    Join Date
    Oct 2002
    Posts
    1,130
    This actually looks quite promising, not just another method to sell a new and improved product.

    What it basically proposes is that the sending domain would attach a digital signature to the email headers. The recieving end then has a convinient method to check if it came from where it claims to have come from, since, hopefully, only the sending domain would have the private key to sign the headers with. The use of signatures would essentially require spammers and phishers to break public key of whatever domain they want to pose as.

    So any two domains both agreeing to this technology would be able to filter out any email not containing a valid signature as spam. It it were incorporated into an updated RFC this would cut down on a lot of phishing attacks; at least the ones using forged addresses.

    It unfortunately does not address the use of "ebay-join.com" or "bankofamerica-security.com" or similar domains which are also frequently used to fool ignorant users.

    Cutting down on spam (not just phishing) mail which only advertises a product would require mail servers to only accept email from valid domains. Quite often the domain the mail claims to be coming from simply doesn't exist, which would make signature verification impossible. This is difficult, however, because many domains don't resolve or have no MX records to verify this, which would result in smaller domains with fewer resources being tagged as spam senders.

    I agree though, it is a step in the right direction. But only part of the solution as a whole which I hope will someday exist. So it will stop a fair amount of phishing and some email, but will only see its true potential when everyone adopts it, which may take years, if it all.

    <EDIT>
    Two people replied in the time it took me to write this... wow
    </EDI>
    Government is like fire - a handy servant, but a dangerous master - George Washington
    Government is not reason, it is not eloquence - it is force. - George Washington.

    Join the UnError community!

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •