This can be done with certificates. User can either get his own certificate from
some trusted entity or he can get it from the isp itself (possibly automaticly
during the time, email is submitted through ISP mail server). The certificate
itself is verified through special dns pointer (callback) and if its ok,
added to the chain for the receiving mail server. Recepient when seeing
the message, if its spam can report it to his ISP, which either modifies
some good/bad value at its mail server as it is related to the certificate
or alerts mail admin. Certificate would also contain some trace information
about the sender (if auto-generated, this would be authorzation information
used for submission, such as userid and ip of the mail origin). Problems
still remain though as certificates by users engaged in email marketing
would be often regenerated (with new domains) so some tracking to ip
address would still be necessary.
On Wed, 5 Mar 2003, Keith Moore wrote:
On Wed, 5 Mar 2003 21:33:15 -0700 (MST)
Vernon Schryver <vjs(_at_)calcite(_dot_)rhyolite(_dot_)com> wrote:
From: Keith Moore <moore(_at_)cs(_dot_)utk(_dot_)edu>
...
me too. which is why I don't want an identity that is tracable to the
actual sender to the message; instead, I want an identity that can only
be associated with whether the sender has a history of sending abusive
Because even in Germany it is evidently easy to get new Internet identities,
I susepct you don't want a token or identity associate with *whether*
there is a history of abuse but an identity that has a long history of
no abuse, or for non-spam-friendly ISPs, just a long history.
depends on the point-of-view.
speaking as a sender of email, I'd like to be able to establish a good
reputation for not sending spam, and I'd like to be able to carry this
identity and reputation with me from one ISP to another, and perhaps even from
one email address to another.
speaking as a recipient of email, I'd like to have the ability to find out
something about the originator of any message that I might receive, before I
receive it. if the originator has a long history, that's really useful. but
if not, it's useful if I can tell that the originator has a very short
history.
e.g. oh, you just got your account today? and your ISP is notorious for
harboring spammers? sorry, I'm not going to accept any mail from you for 3
days - after which time I'll see if your reputation has suddenly become
worse...
alternatively: oh, you just got your account, but your ISP is a serious
anti-spam AUP with stiff fines for those who violate it? okay, I'll accept
mail from you then even though you are a newbie.
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg