MX Logix says that spammers will be the primary users of e-mail sender authentication schemes, such as SPF and Sender ID. Well, Duhhhhhh! Who ever thought it would be any different? Certainly not I! (See Weapons Of Spam Destruction and Depending On Sender ID Is Whistling In The Dark). Who else stands to benefit as much from getting their sending identity legitimized? It’s like asking who’ll be first in line at the business license window when a town imposes a licensing requirement on retail vendors: Used car salespeople! Who else would you expect? Well, maybe barristers, but . . .
Look, we can’t secure e-mail from spammers and virus attackers by some passive means that enables the sender to control the program. If we let teenagers license themselves to drive, we’d have a bad result, right? Sender ID and SPF leave it to the sender to legitimize their existence -- no one else is really in charge of anything but checking that existence, and that’s passive and voluntary as well.
Sender accreditation aficionados think they have the answer because they somehow vet the track record of the sender and legitimize the messages. But who’s to say that those companies will never be bought off by the spammers? Who doesn’t remember Jeff Skilling, Billie Sol Estes, Bernie Ebbers, Mike Millikin, and other legitimate thieves?
I’m more certain than ever that an active, aggressive program that shuts down the spam-spewing zombie PCs hanging on to ISP servers and enterprise networks is the only answer to spam. I’m also convinced that early virus outbreak detection schemes are the only way to stop viruses. All this chitty-chat about authenticating senders and accrediting them is just so much . . . well, you get my drift.