On Fri, Apr 23, 2004 at 06:51:44PM -0400, Olson, Margaret wrote:
| In practice any identity without a reputation or accreditation system will
| be useless in relatively short order, but identity gives you a place to
| which to attach accreditation and reputation. You can hold the domain that
| owns the mail server accountable, and you can hold the domain that the
| author (sender) belongs to accountable.
I agree regarding the need for reputation and accreditation.
| This will take care of the 2821 forgery problem. Solving the 2821
| bounce storm problem does not provide a particularly useful
| accreditation hook, and it doesn't solve any of the other spamming
I am surprised to see this statement coming from a representative of the
deliverability industry. If "the other spamming problems" include the
challenge of getting legitimate commercial bulk email into receiver
inboxes, 2821 *and* 2822 based systems are both fertile grounds for
making a whitelisting decision. I know that at my company, our antispam
systems do whitelist based on the return-path, bypassing further checks.
2821 accountability only strengthen that logic.
I would encourage people to keep an open mind and, if deliverability is
their concern, to use whatever mechanisms help get mail through.
It's not all about rejecting unwanted mail. At least half the value of
a sender authentication framework comes from improving whitelisting.
Every coin has two sides. The glass is half empty and half full.