Slashdot Mirror

← Back to Stories (view on slashdot.org)

Meng Wong's Perspectives on Antispam

Posted by samzenpus on from the no-more-online-pharmacy dept.

netscoop writes "CircleID is running an interesting blog by Meng Wong, best known as the lead developer of the anti-spam authentication scheme, SPF. While touching on various recent hot issues, Meng has this to say about phishing: 'The final solution to the phishing problem requires that people use a whitelist-only, default-deny paradigm for email. Many people already subscribe to default-deny for IM and VoIP, but there is a cultural resistance to whitelist-only email -- email is perceived as the medium of least reserve. I believe that we must move to a default-deny model for email to solve phishing; at the same time we must preserve the openness that made email the killer app in the first place. The tension between these poles creates a tremendous opportunity for innovation and social good if we get things right, and for shattering failure if we get things wrong.' Right or wrong, definitely worth a read."

5 of 298 comments (clear)

  1. Default deny is dumb. by khasim · · Score: 5, Insightful

    To stop phishing, the banks and such have to STOP using email to communicate with their customers.

    The banks have your home address and your phone number.

    The only reason they use email is because it is incredibly cheap and allows them to attach advertising to their messages.

    If the banks were responsible for any losses due to phishing, you'd see them drop email overnight. Once the cost exceeds the benefits, it's gone.

  2. Meh. by FhnuZoag · · Score: 5, Insightful

    If we default-deny email, what do we have left?

    In the end, it is at times absolutely necessary that complete strangers can contact us without prior warning. If we don't have email for this role, then we need something similar to replace it.

  3. Phishing is easy to recognize by 4D6963 · · Score: 5, Informative
    Phishing is easy to recognize, well at least for us the leet slashdot geeks.

    But I still wonder why mail providers don't scan the typical phishing mails (PayPal and eBay) and check whether the links point to ebay or paypal's site or some obscure IP.

    I'm pretty sure that checking such typical phishing mails for their authenticity this way would help getting inboxes rid of it. My two cents..

    --
    You just got troll'd!
  4. Too much trouble by squeemey · · Score: 5, Interesting
    All this trouble would have been avoided by charging for email in the first place.

    My proposal:

    Charge 3 cents per letter. One cent goes to the ISP sending the mail, one cent to the ISP receiving the mail, and one cent to the recipient.

    The ISP on either end would credit/debit the sender/receiver's account.

    And watch the spam disappear.

    --
    Bill
  5. Spam is a social problem, not a technical one. by Futurepower(R) · · Score: 5, Insightful

    When a problem seems very very difficult, maybe it is being viewed in an incorrect way.

    Spam is a social problem, not primarily a technical one, and the solution is social.

    Here's a solution that would work if we had a real leader as president of the U.S., and not someone who is only interested in benefiting the rich.

    The president could, during a scheduled speech, ask people never to buy anything advertised with unsolicited email. He could talk about several ways such email is dishonest.

    It could be arranged that Oprah Winfrey ask people not to buy things from spam. Religious leaders could ask their congregations.

    This kind of solution has already worked. Everyone in the world knows to wash their hands; that has become part of human culture. We need to make anti-spam part of human culture.

    --
    Before, Saddam got Iraq oil profits & paid part to kill Iraqis. Now a few Americans share Iraq oil profits, & U.S. citizens pay to kill Iraqis. Improvement?