Given a choice, an unencumbered solution is considered before a
proprietary one. The messagelevel solution adds an out-of-band protocol
between MTAs to confirm each mail message. Using the existing
infrastructure as with SPF has an advantage of requiring fewer new
elements and exchanges. Confirming a valid sending IP of the domain and
not signatures for each message has an advantage of scale that can also
be mitigated within an existing cache. Requiring a provider to query
for every spoofed and real message will create a problem and not a
solution as you propose. Many MTA systems are approaching network
limits and this proposal adds to this network traffic substantially.
On Mon, 2004-04-19 at 18:46, Bill Mcinnis wrote:
After watching the back and forth on this list for the last
several months I just wanted to join in and get some feedback
as to why no one is discussing how to answer the one fundamental question,
"Did you send me this email" and why no one has come
up with the answer "Just ask me and I'll tell you" (at the
Please take a look at www.messagelevel.com and give us
These ideas are based upon patent filings and prototype
systems several years in the making. Message Level also
distributed a whitepaper (which is fully documented both
publicly and privately) to several of the "major players"
before the stories abruptly changed from "we are working
on message filtering" to many of the current ideas you see
circling now, which seem to be very quickly migrating to
the Message Level Patent Pending process.
Sure there is a chicken and the egg problem here (but no more
than anything else being discussed), as well as bandwidth
concerns (no more than a normal "Mail From" test) and database
concerns (which are a much better alternative than having to
rewrite dns or the smtp protocol), but the idea is the most
reliable and secure method of stopping all of this craziness.
If there is one thing we have learned over the years is that
technology just gets better, quicker, and more stable as time
We do feel as though we are getting resistance from the "larger
players" because this system does have several Patent filings
in place and they would like to make the idea their own. However,
we want to be perfectly clear that we are willing to work with
anyone interested in solving one of the largest problems on the Internet
We are finalizing our prototype systems to the API's of major
email systems and should have those rolled out by the end of
this Summer. We are also going to be making publicly available
via our website and partners a client-side application that
addresses the Message Level process without the need for a email
server implementation. Thereby enabling users to choose their
own anti-spam system to validate and secure their email.
We would love any comments and participation by anyone seeking
to address this problem.