
RE: Why SPF and DK are not being used

From: Hallam-Baker, Phillip <pbaker@verisign.com>
Date: Sun, 18 Jun 2006 07:34:22 -0700
Message-ID: <198A730C2044DE4A96749D13E167AD37B55DAB@MOU1WNEXMB04.vcorp.ad.vrsn.com>
To: "James A. Donald" <jamesd@echeque.com>, <practicalsecurity@hbarel.com>, <public-usable-authentication@w3.org>


> From: public-usable-authentication-request@w3.org 

> In SpamAssassin, DK signatures have the same effect on a 
> mail's score whether signed by gmail, or signed by a known 
> spammer (not much effect at all).  Similarly for compliance 
> with SPF rules, though it is more complicated for SPF rules.
> 
> Since it attaches no reputation to sites that prove origin of 
> their email, it gives legitimate sites no reason to prove 
> origin of their email - and it gives spammer sites every 
> reason to prove origin of their email when they can

This is precisely the point of email authentication, so that you can build better reputation schemes. 

When I started arguing for an access control based approach to stopping spam it was not a popular approach. The only papers that could get into Paul Graham's spam conference at MIT were on Bayesian filtering and other filtering schemes.

Since then folk realise what the MIT AI lab discovered about Bayesian filtering ten years earlier: it is a better model of how people behave than it is a model of how to analyse data effectively. In particular Bayesian style assumptions are the reason that confidence tricks work so well. Trying to apply them against an adversary who is counterprogramming is a bad idea.

So since then authentication becomes all the rage. But every time we get authentication-only schemes, and discussion of reputation, discussion even of how to integrate reputation mechanisms, is excluded from the scope.

This does not matter if you are Yahoo or Microsoft; you have such a large corpus and you are such a large percentage of the mail system that you can manage reputation locally. You can require each email sender to establish their reputation to you. Plus people who provide free services have much lower expectations from their users with respect to loss of mission critical emails.


Eventually people are going to get with the program and understand that the way to stop spam is accountability achieved through Authentication, Accreditation and Consequences.

The ability to obtain an accreditation is essential if the authentication mechanisms are going to be effective. This is why we began circulating the VeriFied Domains List, which has over 100,000 authenticated domains listed on it. Very little spam comes from those domains because very little spam comes from legitimate commercial businesses at this point; it is virtually all from absolute crooks and criminals.


So the way we need to jump start the accreditation market is by providing other incentives to email senders to get accredited. I think that the idea of Secure Letterhead over DKIM is probably the way to create the necessary initial critical mass.
Received on Sunday, 18 June 2006 14:34:41 UTC
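
The contrast drawn in this message, between scoring every valid signature alike and scoring by the reputation of the authenticated domain, as an added example that is not part of the original message or of SpamAssassin. The domains, score values, the `ACCREDITED` and `KNOWN_SPAM` sets, and the use of an `Authentication-Results` header written by the receiver's own mail server are all assumptions made for illustration.

```python
import re

# Constructed Authentication-Results values; assumed to be written by our own MTA.
MESSAGES = {
    "accredited": "mx.example.net; dkim=pass header.d=bank.example; spf=pass smtp.mailfrom=bank.example",
    "known_bad": "mx.example.net; dkim=pass header.d=pills.example; spf=pass smtp.mailfrom=pills.example",
    "unknown": "mx.example.net; dkim=pass header.d=newsite.example",
    # Claims bank.example but proves nothing: no signature, SPF fails.
    "unsigned": "mx.example.net; dkim=none; spf=fail smtp.mailfrom=bank.example",
}

# Hypothetical reputation data: an accreditation list and a local list of spam senders.
ACCREDITED = {"bank.example"}
KNOWN_SPAM = {"pills.example"}

DKIM_PASS = re.compile(r"\bdkim=pass\b[^;]*?\bheader\.d=([A-Za-z0-9.-]+)", re.I)

def authenticated_domain(auth_results):
    """Return the DKIM-verified signing domain, or None if nothing verified."""
    m = DKIM_PASS.search(auth_results)
    return m.group(1).lower().rstrip(".") if m else None

def flat_score(auth_results):
    """Authentication-only scoring: any valid signature earns the same small credit."""
    return -0.1 if authenticated_domain(auth_results) else 0.0

def reputation_score(auth_results):
    """Authentication picks the identity; that identity's reputation sets the score."""
    domain = authenticated_domain(auth_results)
    if domain is None:
        return 0.0   # no accountable identity, claimed domains earn nothing
    if domain in KNOWN_SPAM:
        return 5.0   # consequences attach to the proven sender
    if domain in ACCREDITED:
        return -3.0  # authenticated and accredited: strong credit
    return -0.1      # authenticated but unknown: no real credit yet

def compare():
    """Map each sample message to (flat score, reputation-based score)."""
    return {k: (flat_score(v), reputation_score(v)) for k, v in MESSAGES.items()}

if __name__ == "__main__":
    for name, (flat, rep) in compare().items():
        print(f"{name:10s} flat={flat:+.1f} reputation={rep:+.1f}")
```

Under flat scoring the accredited sender and the known spam domain are indistinguishable; under reputation scoring only the verified signing domain is looked up, so the unsigned message that merely claims `bank.example` gets no credit.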
