Hi altogether,
I'd like to bring the discussion a little bit in a shape
by asking you to keep the discussion about a solution
separate from the discussion about how to implement it.
I'd like to discuss the method in principle of how to
block spam separately from how we could implement this
method.
Should we start to write a web page to collect the
discussion results? Digging through the mail heap
is a little bit bothersome.
Furthermore, we could split the methods in two groups,
the absolute and the relative methods. Absolute methods
apply to the whole world in the same way (e.g. a RMX
record or a X.509-S/MIME signature would be the same
for all possible recipients), while relative methods
apply only to certain recipients (e.g. cookies).
Currently, I see the following methods:
- Restrict sending with a certain sender address/domain to
a limited number of IP addresses (which might be bound to
a short time interval).
Implementations: DNS (RMX, MX, A,...)
LDAP?
Specific service?
- Restrict sending to those who know a certain cryptographical
secret bound to their personal identity.
Implementations:
Message Signatures (S/MIME, X.509, PGP,...)
Authentications (challenge/response...)
address tricks (john+xxx(_at_)doe(_dot_)com)
- Restrict sending to those who have any kind of relationship
with the recipient
Implementations:
Cookies (e.g. in the header, in HTML refs, in News articles)
Address tricks (john+xxx(_at_)doe(_dot_)com)
Message ID tricks (e.g. need to reference a message which
was originated from the recipient)
- Whitelisting
Implementations:
...
- Blacklisting
Implementations:
...
- Content Security
Implementations:
Text analysis
Spam message database
Hadmut
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg