Products > Security
Emails sent via SMTP AUTH reveal the sender's IP
golden_labels:
SPF and DKIM are not protecting against spam. They authenticate the sender MTA, preventing spoofing. That’s a security issue, not a mere inconvenience. Deploying SPF or DKIM for a botnet is also a relatively high cost, so coincidently they limit the amount of spam by making address-based circumvention harder (note the emphasis). But they can’t stop spam. In particular in the extended meaning of word “spam,” which most people use.
The problem of spam can’t be resolved by purely technological means either. It’s a societal issue. Similar to other blind alleys of history, the arrival of computers spawned a wave of narrow minds believing their new toys are a panaceum and the final solution to all trouble of mankind. But they’re not and that kind of problems fail to be resolved by technology. Worse: even from purely technical perspective it’s unsuitable for the task. It’s like building and hiding in a fortress… with “the enemy” being on the inside. Spam doesn’t exist, because a bunch of idiots have nothing better to do, but to send it. Where there is demand, there is supply. Spam continues, because recipients actually use it. Senders merely make a reasonable decision and adjust to the demand, filling voids in the market.
peter-h:
You can't stop spam but DKIM enables a recipient to implement a whitelist of trusted senders, which is a good thing. How many actually do that, I have no idea. I used a filtering outfit for many years (Messagelabs, until they disintegrated, and then some German outfit called Hornet Security which went mad, organisationally, crazy reseller who deleted our account) and it was possible to set up a whitelist but based on the domain, not simply based on DKIM.
These outfits also offered SMTP AUTH but I don't know if they offered the IP header suppression. Probably not...
Navigation
[0] Message Index
[*] Previous page
Go to full version