Unfortunately, email is insecure and very exploitable. The standard for email was designed in the late 60s and early 70s, long before spam and other types of abuse existed or were even thought of. Today, we live with the repercussions of the insecurity and exploitability of the original designs of the email standard. We can't fix the holes/problems without redesigning the email standard and necessarily upgrading every email server on the internet at the same time. It's a monumental and impossible task to upgrade every server at the same time, so we live with the problems.
So what can we do about emails with forged/spoofed senders? The short answer is to upgrade spam filters with those that are capable discering between spoofed and non-spoofed emails. Typically, these filters rely on SPF - but we'll never resolve this problem until SPF becomes required or the standard is redesigned. I'm not holding my breath for that.
No comments:
Post a Comment