ietf-822

Re: authenticating the source of mail

2002-05-07 13:55:15

for instance, if major ISPs processed authenticated mail faster than
non-authenticated mail, this would provide some incentive for sites
to authenticate.

Spam doesn't go away, it just gets delayed. Spammers don't care if the
spam is delayed. 

yes, but virus writers do care, because it affects how fast their
viruses propagate, and how likely they are to be stopped.

Meanwhile, the people that do care are pissed that they
have to go through extra effort to get past the asshole postmaster.

you can probably make the amount of delay volume-sensitive so that 
occasional messages are not significantly delayed.  and the major ISPs 
might sign on just to reduce their costs.

similarly, if businesses refused to accept any non-text mail that
wasn't authenticated (bouncing such messages or issuing MDNs saying
an attachment was deleted) then sites would have a reason to
authenticate.

This is getting closer, but I don't see businesses wanting to even imply
that mail from potential customers is not going to be accepted. 

no but they might impose controls in practice.

What if a customer's mail client sends multipart/alternative by default?

it depends on what the alternatives contain.
 
These items are useful for increasing the visibility of signed mail, which
is certainly important with an elective system. 

perhaps, but that was not exactly my intent.  the point is that while mail 
cannot be trusted in general, it's deserving of somewhat more trust if
you can reliably trace the mail to a source, especially if you can verify
that that source has agreed to accept responsibility for not sending abusive 
mail (viruses and/or spam).

However, I don't really
know how practical any of these measures are (see above), 

the devil is in the details.  small changes can significantly affect the
practicality.

Also, consider things like network appliances that send activity alerts
without signatures, so there will always be a high percentage of mail
which is unlikely to be signed for decades to come. 

the signature doesn't have to be end-to-end, as long as you can trace
it to a party that accepts responsibility for it.

Not harping, but that is one of the benefits of a new model. The default
scenario is that mail is trustworthy, so stuff from outside the network is
automatically presumed to be untrustworthy. 

you still have the burden of getting it deployed.  is it easier to
deploy a completely new mail system along with a security infrastructure
that lets you verify the source of a message, or just to deploy a security 
infrastructure that works with the existing mail system?

either way, it makes more sense to think about what problem to solve
than it does to start with a solution and look for problems.

of course, this isn't even close to a fully-fleshed-out proposal.
but perhaps other people would also like to think about solving the 
virus and spam problem.  we've already tried clamping down on open 
relays, IP and domain blacklists, spam and virus filters, and they're 
not working terribly well.  we need something else.

Keith
