mandatory simply won't work. there is no global authority agency to
enforce mandatory anything. it's participant incentives or it's nothing.
that's my assessment also.
for instance, if major ISPs processed authenticated mail faster than
non-authenticated mail,
ISPs have their own incentives. They care about complaints from their
customers. They do not care about much more.
ISPs care about profit, which equates to cost and market share.
Figure out a way to significantly reduce cost of dealing with spam
and/or to increase market share and ISPs will be interested.
I think I have a handle on the former.
It is mail originators and recipients who are the "participants" that must
press for the mechanisms.
ISPs participate also. Their costs of dealing with both spam and viruses
are significant. A number of ISPs are now using filters or interception
proxies to control mail flow to give them a hook to monitor and/or filter
traffic for spam and viruses. (perhaps also for government surveillance,
though I'm not sure about this) I don't like interception proxies, but
this tells me that some ISPs are willing to invest some in infrastructure
to discourage such abuse.
the other trick is building an infrastructure that allows authenticated
mail to be verified and traced to the source, and one which facilitates
quick reporting and suppression of sources of abusive mail.
as long as it has incremental deployment and use, and incremental value,
then maybe it is worth considering.
agreed that these are necessary conditions.
Keith