My gut feeling is that if you're forced to use your ISPs MTA against
your will (which boils down to being a residential cable/DSL customer)
then your ISP's reputation is going to be pretty low anyway (simply
becuase of the nature of virus infected and compromised machines that
exist on a typical residential broadband network).
Agreed -- in the short term. In the future, though, I think we may see a
drop in such activity, so the long term seems brighter to me.
With some ISPs, we'll see a drop in that activity. Comcast, for example, has
been rather proactive about rate-limiting outgoing SMTP through their
smarthost. On the other hand, there are many ISPs that don't care.
I'd much rather the alternative, that only my reputation applies to my mail.
Surely MARID makes more sense in a world where people (again)
configure their MTAs to deliver direct, rather than smarthosting off
For sure. For me, that's a primary goal -- a sort of rebirth of end-to-
end in email. If you can hold people (or at least groups under a domain)
responsible directly, there won't be so much policing neccesary.
That is probably the strongest reason I support the MARID effort. I
currently cannot send directly to certain large domains because I'm on
This is also the reason I support something simple and lightweight, that
protects HELO or MAIL FROM instead of body headers. If the recipient has a
domain that will put its reputation on the line to vouch for a message, it
doesn't need to be the one that appears in the body.
We need to create the smallest possible system that can authenticate one
protocol field in an SMTP transaction. From that, this or another group can
develop stronger mechanisms for combatting forgery and spam, but not until
after basic authentication hsa been deployed.