Perhaps there is a two-fold solution: simple domain-based
authentication such as suggested with RMX, and cryptographic
authentication for others. For example, if you really want to be
able to use your ISP to send email that appears to come from your
Yahoo account, then include a PKI certificate that authenticates
you as the owner of the Yahoo account.

RMX + cryptographic verification is great because of one more reason: it
solves a lot of problems for people who run their own mailservers
(perhaps behind a residential DSL line). ISPs frequently block egress on
port 25 because of people who run spam-spewing servers. With a way to
identify these servers and hold them accountable, this could be a thing
of the past.

I had written a (draft) paper on this some time back (available here:
<http://www.chaoszone.org/misc/spam.html>) where we were able to show
that RMX + cryptographic verification was doable with a minimum of
infrastructure changes (modern SMTP servers with plug-in mail processors
would be able to handle the changes) and *no* protocol changes, and also
a minimum of user-retraining, since cryptographic verification would not
require novice users to maintain any keys with them: the keys would be
maintained by the SMTP server administrator.
Regards
--Prasenjeet
==
Prasenjeet Dutta
http://www.chaoszone.org/