[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Authentication and email

To: wgchairs@ietf.org
Subject: Authentication and email
From: Gonzalo Camarillo <Gonzalo.Camarillo@lmf.ericsson.se>
Date: Mon, 27 Jan 2003 16:35:04 +0200
Cc: Dean Willis <dwillis@softarmor.com>

Folks,

what happened finally with Dean's proposal of implementing security (at
least authentication and authorization) in the IETF mailing lists?

At present, IETF's SPAM filters take the From field of any incoming
message, and if the address belongs to a subscriber, they let the
message thru. However, in the last days, many SPAM messages received by
the SIPPING and SIP mailing lists tried to use real subscriber's email
addresses in the From field.

It is true that sometimes their guess is wrong. For example, today we
received a mail from "camarillo@ericsson.com". If they had used
"gonzalo.camarillo@ericsson.com" instead, the message would have passed
all our filters.

Maybe it is time to reconsider Dean's proposal, before spammers get a
little cleverer.

Gonzalo

Follow-Ups:
- Re: Authentication and email
  - From: Harald Tveit Alvestrand <harald@alvestrand.no>

Prev by Date: Re: SFO IETF meeting
Next by Date: Re: SFO IETF meeting
Previous by thread: RE: [iesg-secretary #4659] FW: draft-ietf-snmpconf-bcp changed by Hargest, Jacqueline
Next by thread: Re: Authentication and email
Index(es):
- Date
- Thread