Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

There's no real email spoofing problem anymore because we have signatures proving the source on every email.

There's a phone spoofing problem because carriers are allowing spoofing, when they don't have to.



> * There's no real email spoofing problem anymore because we have signatures proving the source on every email.*

(I assume that you are referring to DKIM, and not OpenPGP or S/MIME, since the latter two are obviously not frequently used.)

DKIM signatures (not to mention DMARC to actually require a signature) are not actually that common either. Spoofing is mostly still rejected by a combination of plain old SPF and spam filtering of the mail contents. All in my experience, of course.

> There's a phone spoofing problem because carriers are allowing spoofing, when they don't have to.

Is this what Europe is doing which the U.S. isn’t? If it is, then you’re probably right. I don’t actually know. I’m just saying that whatever Europe is doing is evidently working, and any other proposed solution would have some significant benefit and proof of efficacy to be considered over a proven concept.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: