If you tell enough stories, perhaps the moral will show up.

2009-03-28

Authentication News Roundup

Two items tonight, on the Authentication Hotline

Rubbish Disguises
City financial types are being directed by firms and industry bodies to wear casual clothes on the riot days, so they don't stand out. It's a lovely idea -- take one middle-aged bank operative, replace suit with M&S chinos and polo shirt and Shazam! indistinguishable from a climate change protester.

Or maybe you could try wearing a keffiyah. That should do it.

Effective Disguises
New spam trend: We're starting to get stiffy lolly spam pointing to .cn sites. The sender appears to be bright enough to realise that firms have filters which spot this a mile off, but also that there will be approved addresses bypassing the filters. So this mail is spoofed from plausible addresses. Yesterday I removed unisys.com from our approved list, which should stop the immediate problem, but the attack is going to work until there's some way of authenticating envelope sender addresses.

The problem will really kick off when spammers realise that everyone has a bypass for FT.com because their news alerts are totally indistinguishable from spam.

I guess we need a checkbox. For any bypass, domain or just a single address, you need to be able to say "only bypass if the sender is SPF authenticated".
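
A sketch of how that checkbox could behave in a filter, added here as an example and not taken from any real product. The `Bypass` record, the function names and the sample headers are hypothetical; it assumes your own border MTA stamps the `Received-SPF` header and strips any copy that arrives from outside.

```python
import re
from dataclasses import dataclass

@dataclass(frozen=True)
class Bypass:
    pattern: str       # "news.example" (whole domain) or "bob@partner.example"
    require_spf: bool  # the proposed checkbox

SPF_RESULT = re.compile(
    r"\s*(pass|fail|softfail|neutral|none|temperror|permerror)\b", re.I)
ENVELOPE_FROM = re.compile(r'envelope-from="?<?([^\s;">]+)', re.I)

def parse_received_spf(value):
    """Return (result, envelope_from) from a Received-SPF header value."""
    m = SPF_RESULT.match(value)
    e = ENVELOPE_FROM.search(value)
    return (m.group(1).lower() if m else "none",
            e.group(1).lower() if e else None)

def entry_matches(entry, sender):
    pat = entry.pattern.lower()
    if "@" in pat:                           # single-address bypass
        return sender == pat
    return sender.rpartition("@")[2] == pat  # domain bypass

def should_bypass(envelope_sender, received_spf, bypass_list):
    """True if the message may skip the spam filter."""
    sender = envelope_sender.lower()
    result, identity = parse_received_spf(received_spf or "")
    for entry in bypass_list:
        if not entry_matches(entry, sender):
            continue
        if not entry.require_spf:
            return True                      # old behaviour: sender string alone
        # Checkbox ticked: SPF must pass for this very envelope sender.
        if result == "pass" and identity == sender:
            return True
    return False

# Constructed sample data (documentation domains and addresses).
BYPASS_LIST = [Bypass("news.example", require_spf=True),
               Bypass("bob@partner.example", require_spf=False)]
GENUINE = ("pass (mx.corp.example: domain of alerts@news.example designates "
           "192.0.2.10 as permitted sender) client-ip=192.0.2.10; "
           "envelope-from=alerts@news.example;")
SPOOFED = ("softfail (mx.corp.example: domain of alerts@news.example does not "
           "designate 203.0.113.9 as permitted sender) client-ip=203.0.113.9; "
           "envelope-from=alerts@news.example;")
```

A message that matches a ticked entry but fails SPF is not rejected here; it simply loses the bypass and goes through the normal filter.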
