Meng Wong's Perspectives on Antispam
netscoop writes "CircleID is running an interesting blog by Meng Wong, best known as the lead developer of the anti-spam authentication scheme, SPF. While touching on various recent hot issues, Meng has this to say about phishing: 'The final solution to the phishing problem requires that people use a whitelist-only, default-deny paradigm for email. Many people already subscribe to default-deny for IM and VoIP, but there is a cultural resistance to whitelist-only email -- email is perceived as the medium of least reserve. I believe that we must move to a default-deny model for email to solve phishing; at the same time we must preserve the openness that made email the killer app in the first place. The tension between these poles creates a tremendous opportunity for innovation and social good if we get things right, and for shattering failure if we get things wrong.' Right or wrong, definitely worth a read."
I think the main issue that needs to be addressed is the ease of sending mail out as a false address. Default deny is great, except that the spammer will then pretend to be your aunty flow.
...is to have two e-mail addresses. One is whitelist only, and you never "publish" it. Only give that one out to people you want to have it explicitly. Make it clear they are not to share.
The second address is for public consumption. Use that one for everything else, including mailing list subscriptions, site subscriptions, Slashdot postings, and anyone else you even suspect will sell/give away your e-mail address. Ideally this would be something like a Google/Yahoo/MSN address or one from your ISP.
The first address should then be kept pristine and you never have to worry about spam on it. The second would be suspect, but some inbox rules and white/blacklists could clean up most of it.
I've been doing this for 3+ years now and have 0 spam on my private address. Gmail does a good job of keeping the other pretty clean.
-Charles
Learning HOW to think is more important than learning WHAT to think.
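The two comments above meet at one check: a whitelist entry should count only when the sender address is authenticated. The following is an added example, not code from the thread or from the SPF project. It assumes the receiving MTA records SPF results in an `Authentication-Results` header (RFC 8601); the authserv-id `mx.example.net`, the addresses and the sample messages are constructed.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumptions: our own MTA stamps Authentication-Results with this authserv-id
# and strips any inbound header that already claims it.
TRUSTED_AUTHSERV = "mx.example.net"
ALLOWLIST = {"aunt.flo@example.org"}  # constructed sample whitelist

SPF_PASS = re.compile(r"\bspf=pass\b[^;]*?\bsmtp\.mailfrom=([^\s;]+)", re.I)

def spf_domain(msg):
    """Return the envelope-sender domain our MTA recorded as spf=pass, else None."""
    for value in msg.get_all("Authentication-Results", []):
        authserv, _, results = value.partition(";")
        if authserv.lower().split()[:1] != [TRUSTED_AUTHSERV]:
            continue  # written by someone else, possibly the sender
        match = SPF_PASS.search(results)
        if match:
            return match.group(1).rpartition("@")[2].lower()
    return None

def classify(raw):
    """Default-deny: accept only whitelisted From addresses backed by SPF."""
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    if sender not in ALLOWLIST:
        return "deny: not on whitelist"
    # SPF vouches for the envelope sender, not the From header, so the
    # two domains must match before the whitelist entry counts.
    if spf_domain(msg) != sender.rpartition("@")[2]:
        return "deny: whitelisted address not authenticated"
    return "accept"

def sample(authserv, mailfrom, from_addr):
    """Build a constructed test message."""
    return (f"Authentication-Results: {authserv}; spf=pass smtp.mailfrom={mailfrom}\n"
            f"From: Aunty Flo <{from_addr}>\nSubject: hello\n\nbody\n")

GENUINE = sample("mx.example.net", "aunt.flo@example.org", "aunt.flo@example.org")
SPOOFED = sample("mx.example.net", "bounce@bulk.example.com", "aunt.flo@example.org")
FORGED_HEADER = sample("mx.sender.example", "aunt.flo@example.org", "aunt.flo@example.org")
STRANGER = sample("mx.example.net", "bob@example.com", "bob@example.com")

if __name__ == "__main__":
    for name in ("GENUINE", "SPOOFED", "FORGED_HEADER", "STRANGER"):
        print(name, "->", classify(globals()[name]))
```

The regex is a simplification rather than a full RFC 8601 parser, and exact domain matching is stricter than DMARC's relaxed alignment.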