Random thoughts... 30.12.2003

2003-12-30

We need authentication on e-mail senders...

This is something on which I have been pondering for quite a while now:

My company has been the victim of many spam campaigns. I do not mean as the target or relay of spam; rather, many spam e-mails have been sent using our domain as the fake mail sender.

Fortunately I do not get angry mails from people saying that they do not want their penis enlarged and certainly do not need any Viagra (herbal or not). This goes to show that people understand what is going on here and they do not hold the fake sender responsible for the e-mail.

I do however get all the non-delivery reports (spam blocks, out of office replies, user does not exist, mailbox full; that sort of stuff...).

This is a major nuisance! I shiver at the thought of how many of these garbage mails the postmasters of AOL and HotMail must get!!!

Which leads me to believe that this issue must be solved. My current thinking is that each mail should contain an X-Authentication header carrying an automatically generated digital signature over the mail. This header can be set by either the MUA or the first MTA (which is usually an ISP or company SMTP server). The public key of the sender should be stored in the DNS so that a receiving MTA can retrieve it through existing infrastructure and verify whether the sender actually generated the e-mail or not.

This signature is not meant to provide a 100% guarantee about the sender and its intention, but can help in blocking fake e-mails more effectively...
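A sketch of the scheme described above, added here as an illustration and not code from this weblog: the first MTA signs the sender address and body, and the receiving MTA fetches the domain's public key and checks the X-Authentication value, rejecting on any failure. The Ed25519 algorithm, the `_mailauth.` DNS label, the in-memory map standing in for DNS TXT lookups, and all function names are assumptions.

```go
package main

import (
	"crypto/ed25519"
	"encoding/base64"
	"fmt"
	"strings"
)

// txtRecords stands in for DNS TXT lookups; the "_mailauth." label is an assumption.
type txtRecords map[string]string

// signedData binds the claimed sender to the body so neither can be swapped.
func signedData(from, body string) []byte {
	return []byte("From: " + strings.ToLower(from) + "\r\n\r\n" + body)
}

// SignMail runs at the MUA or first MTA and returns the X-Authentication value.
func SignMail(priv ed25519.PrivateKey, from, body string) string {
	return base64.StdEncoding.EncodeToString(ed25519.Sign(priv, signedData(from, body)))
}

// VerifyMail runs at the receiving MTA; every failure path returns false.
func VerifyMail(dns txtRecords, from, body, header string) bool {
	at := strings.LastIndex(from, "@")
	txt, published := dns["_mailauth."+strings.ToLower(from[at+1:])]
	if at < 0 || !published {
		return false // no sender domain, or the domain publishes no key
	}
	pub, err1 := base64.StdEncoding.DecodeString(txt)
	sig, err2 := base64.StdEncoding.DecodeString(header)
	if err1 != nil || err2 != nil || len(pub) != ed25519.PublicKeySize {
		return false // malformed key record or header value
	}
	return ed25519.Verify(ed25519.PublicKey(pub), signedData(from, body), sig)
}

// demoSetup builds a constructed key pair and publishes its public half in the fake DNS.
func demoSetup(seedChar, domain string) (ed25519.PrivateKey, txtRecords) {
	priv := ed25519.NewKeyFromSeed([]byte(strings.Repeat(seedChar, ed25519.SeedSize)))
	pub := base64.StdEncoding.EncodeToString(priv.Public().(ed25519.PublicKey))
	return priv, txtRecords{"_mailauth." + domain: pub}
}

func main() {
	priv, dns := demoSetup("k", "example.com") // constructed sample domain and key
	h := SignMail(priv, "sender@example.com", "hello")
	fmt.Println(VerifyMail(dns, "sender@example.com", "hello", h), VerifyMail(dns, "sender@example.com", "buy pills", h))
}
```

A spammer who fakes the domain as sender cannot produce a header that verifies against the published key, so the receiving MTA can drop the mail instead of bouncing it to the forged address.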

posted at 10:47:44

This weblog is best ignored...


© 2003, Jos Visser