That went wrong in a couple of ways. People like C|Net and
specifically
including C|Net have well earned reputations as senders of
unsolicited,
unwanted, unasked for, irritating, commercial bulk mail.
Which it why I believe we have to have a protocol that makes
consent an empirical fact that can be checked by the MTA.
Let us get away from the whole 'he said she said' thing.
The second wrong turn is that what advertisers like C|Net want don't
matter, except to the extent it affects their own behavior. The only
people with standing to complain about false positives are people who
failed to receive mail. People who failed to send can go pound sand.
As the slogan goes, "My mailbox, my rules."
The problem is when ISPs claim this. So they have a subscriber
who pays to get an INTERNET account and then finds that the ISP
is going to decide who she gets mail from. Oh it turns out that
planned parenthood is on the ISPs blacklist.
Don't think such a thing is impossible. SPEWS recently listed
the whole of UUNET because a maintainer took a dislike to a
Web site they hosted. Several blacklists list the whole of China
and Korea.
And presumably if you subscribe to something like Amber Alert
which relays the state amber alert (kidnaped kids) warnings to
subscribers you probably want to get the messages.
How will Hotmail and Yahoo ensure that a new user is not a spammer?
They have pseudo turing tests for subscribers and they implement
rate limiting. You cannot send 100 emails a minute from a new
hotmail account. There are also limits on connections from the
same IP address.
On the other hand, if Hotmail requires a credit card number, they can
detect Ralsky, or at least wreck the credit rating of the owner of the
credit card. However, they could to that today without
Verisign's "help."
They could or they could take advantage of the extreemly
reasonable prices of VeriSign payment services.
The result of that would be to cram the Internet back into the old
AOL/Genie/Compuserv fancy BBS model.
You forget who you are talking to, I did more to destroy that
model than most people on this list.
I'm sorry to be so blunt about the Verisign nonsense, but
SHEESH--give us a break!
Don't deny yourself a tool out of spite.
If you believe that you can do just as well with self signed certs,
or raw keys in the DNS that is fine too.
Phill
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg