Slashdot Mirror

← Back to Stories (view on slashdot.org)

Could We Eliminate Spam With DMARC? (zdnet.com)

Posted by EditorDavid on from the Domain-based-Message-Authentication,-Reporting-and-Conformance dept.

An anonymous reader writes: "The spam problem would not only be significantly reduced, it'd probably almost go away," argues Paul Edmunds, the head of technology from the cybercrimes division of the U.K.'s National Crime Agency -- suggesting that more businesses should be using DMARC, an email validation system that uses both the Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM). "Edmunds argued, if DMARC was rolled out everywhere in order to verify if messages come from legitimate domains, it would be a major blow to spam distributors and take a big step towards protecting organizations from this type of crime..." reports ZDNet. "However, according to a recent survey by the Global Cyber Alliance, DMARC isn't widely used and only 15% of cybersecurity vendors themselves are using DMARC to prevent email spoofing.
Earlier this month America's FTC also reported that 86% of major online businesses used SPF to help ISPs authenticate their emails -- but fewer than 10% have implemented DMARC.

5 of 124 comments (clear)

  1. "Could We Eliminate Spam With DMARC?" by rainwalker · · Score: 4, Interesting

    "No."

    See, that was easy! Technological solution to a sociological problem, and so on.

  2. Barracuda by darkpixel2k · · Score: 5, Interesting

    I'm not impressed with Barracuda. A client made a decision to buy a Barracuda against my recommendations. I installed it and couldn't find DMARC settings anywhere. It turns out they support validating inbound DMARC, but they won't sign anything outbound. I had to set up an external Haraka mail server that blindly accepted all mail from the IP of their Barracuda, signed it, and attempted to deliver it. It's such a pile of garbage.

    On another note, if you send a ~45 MB attachment to the device, apparently it clogs up and refuses to deliver. Other mail will go through without problems, but you have to call their tech support to 'force' it through.

    Barracuda is a terrible, over-priced, barely-functional product.

    --
    There's no place like ::1 (I've completed my transition to IPv6)
    1. Re:Barracuda by darkpixel2k · · Score: 3, Interesting

      I thought it was just a repackaged derivative of SpamAssassin.

      Yeah, that's basically it in a nutshell.

      Nothing you can't rapidly duplicate with a Debian install and a few salt or puppet scripts. I tested it against the previous Haraka install with spamassassin, dspam, clamav, and their 'karma' plugin, and the accuracy of the Barracuda sucked in comparison.

      --
      There's no place like ::1 (I've completed my transition to IPv6)
  3. I think that's bolocks! by 0ryn · · Score: 4, Interesting

    Most of the spam that I get comes from hacked accounts where people have used crap passwords that are easily guessed.

  4. Re:Nonsense by Anonymous Coward · · Score: 2, Interesting

    With the authenticated sender (via DMARC and SPF) you would know it is a spammer. That's the point.

    My what a rose-colored world you live in.

    Our domain receives about 1,500 mails per day that pass SPF validation. There's a cartel of spammers that are registering throw-away domains with SPF records that include their zombie senders' IP addresses. Thankfully we have other techniques to filter out those 1,500 messages with around 0.5% false positives. Since spammers have full control over their zombie network I don't see anything preventing them from passing DKIM and DMARC as well, but I've not observed them try that yet.

    Remember this: Any published tool/standard you can come up with can be implemented by scum-sucking spammers, too.