Thread: Cisco, Yahoo! Tout New Spam Killer: Cryptography



    The tech firms announced late Wednesday that they have forged together two means of harnessing cryptography. The hybrid code technology will help determine whether an e-mail sender's address is bona fide or false--as spammers often evade capture via counterfeit addresses--and reject any mail from spurious sources.
    Wonder how long it will take the spammers to find a way around this.
    Wise men talk because they have something to say;
    fools, because they have to say something.

    hybrid code technology will help determine whether an e-mail sender's address is bona fide or false--as spammers often evade capture via counterfeit addresses--and reject any mail from spurious sources.
    I wonder how much of this new wonder code is simple reverse lookups and SMTP RFC compliance.
    Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
    Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden

    Probably not long, as the concept already exists. I am referring to worms/trojans/viruses, that would use your system and thereby produce an apparently valid address.

    However, on the positive side, as soon as spammers do that they will be breaking a lot more laws in a lot more countries?

    From what I can see of the somewhat brief description, this will at least take a lot of the "amateurs" out of the game?

    I used to play that little game years ago. We would all put a code in the message header for the person we were sending the e-mail to. So if a nasty got into my system and found an e-mail for me from my mate Fred, it would spoof it to you...

    You would look and immediately know that that was not Fred's code for you or even my code for you... so it wasn't genuine. Basically, the sender code did not match.

    This actually looks quite promising, not just another method to sell a new and improved product.

    What it basically proposes is that the sending domain would attach a digital signature to the email headers. The receiving end then has a convenient method to check if it came from where it claims to have come from, since, hopefully, only the sending domain would have the private key to sign the headers with. The use of signatures would essentially require spammers and phishers to break the public key of whatever domain they want to pose as.

    So any two domains both agreeing to this technology would be able to filter out any email not containing a valid signature as spam. If it were incorporated into an updated RFC this would cut down on a lot of phishing attacks; at least the ones using forged addresses.

    It unfortunately does not address the use of "ebay-join.com" or "bankofamerica-security.com" or similar domains which are also frequently used to fool ignorant users.

    Cutting down on spam (not just phishing) mail which only advertises a product would require mail servers to only accept email from valid domains. Quite often the domain the mail claims to be coming from simply doesn't exist, which would make signature verification impossible. This is difficult, however, because many domains don't resolve or have no MX records to verify this, which would result in smaller domains with fewer resources being tagged as spam senders.

    I agree though, it is a step in the right direction. But only part of the solution as a whole which I hope will someday exist. So it will stop a fair amount of phishing and some email, but will only see its true potential when everyone adopts it, which may take years, if at all.

    Two people replied in the time it took me to write this... wow
    Government is like fire - a handy servant, but a dangerous master - George Washington
    Government is not reason, it is not eloquence - it is force. - George Washington.
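The header-signing check described in the last post, as an added example that is not part of the original thread or of the Cisco/Yahoo! proposal: it shows a forged sender failing, and a lookalike domain with its own key still passing. Assumptions: the `x-domain-sig` header name, the `.example` domains, the dictionary standing in for however a receiver obtains a domain's public key, and textbook RSA over known Mersenne primes (demonstration only, not a secure key).

```python
import hashlib

E = 65537  # public exponent

def make_key(p, q):
    """Textbook RSA from two known Mersenne primes: demo only, not secure."""
    return p * q, pow(E, -1, (p - 1) * (q - 1))  # (modulus n, private d)

def digest(headers, signed=("from", "to", "subject", "date")):
    # Hash the signed headers in a fixed order and canonical form.
    canon = "".join(f"{h}:{headers.get(h, '').strip()}\r\n" for h in signed)
    return int.from_bytes(hashlib.sha256(canon.encode()).digest(), "big")

def sign(headers, domain, n, d):
    # Sending side: only the holder of d can produce this value.
    return {**headers, "x-domain-sig": f"{domain}:{pow(digest(headers), d, n):x}"}

def verify(headers, published):
    # Receiving side: look up the key of the domain the From address claims.
    claimed = headers.get("from", "").rpartition("@")[2].strip().lower()
    signer, _, value = headers.get("x-domain-sig", "").partition(":")
    if not value:
        return "unsigned"
    if signer != claimed:
        return "fail: signer is not the From domain"
    if claimed not in published:
        return "fail: no key published"
    try:
        ok = pow(int(value, 16), E, published[claimed]) == digest(headers)
    except ValueError:
        ok = False
    return "pass" if ok else "fail: bad signature"

def demo():
    # Constructed sample keys and messages; "published" is a hypothetical key directory.
    bank_n, bank_d = make_key(2**521 - 1, 2**607 - 1)
    look_n, look_d = make_key(2**127 - 1, 2**521 - 1)
    published = {"bank.example": bank_n, "bank-security.example": look_n}
    mail = {"from": "alerts@bank.example", "to": "user@mail.example",
            "subject": "Statement ready", "date": "Thu, 1 Jan 2004 00:00:00 +0000"}
    lookalike = {**mail, "from": "alerts@bank-security.example"}
    ghost = {**mail, "from": "offers@no-such-domain.example"}
    return {
        "genuine": verify(sign(mail, "bank.example", bank_n, bank_d), published),
        "forged": verify(sign(mail, "bank.example", look_n, look_d), published),
        "unsigned": verify(mail, published),
        "lookalike": verify(sign(lookalike, "bank-security.example", look_n, look_d), published),
        "ghost": verify(sign(ghost, "no-such-domain.example", look_n, look_d), published),
    }
```

The `lookalike` case passing is the limitation the post points out: a valid signature proves which domain sent the mail, not that the domain is the one the reader thinks it is.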

