ietf-asrg

Re: [Asrg] Email Certification Path Proposal

2003-03-11 11:09:50
From: Matt Sergeant <msergeant(_at_)startechgroup(_dot_)co(_dot_)uk>

...
If there is a PKI, you've still got nothing.  Spammers can and must
be allowed to buy certs too.  Authentication is not authorization.

With authentication you've got something though - a much stronger 
ability to blacklist.

That's wrong, even if you tie email addresses to official government
identities such as U.S. social security numbers.  As I said, Ralsky
and other spammers would never run out of social security numbers with
which to authenticate his spam.  He could pay a "homeless person" to
use certificates based on the person's social security numbers for 2
or 3 weeks of spam.  At the end of 2 or 3 weeks when that certificate
is widely blacklisted, he could hire another "homeless person."  

The only thing that authentication can do is prevent genuine "forgery."
Only if those who claim that the vast amount of spam that carries
Hotmail, Yahoo, and other free provider sender addresses in
http://www.rhyolite.com/anti-spam/freemail.html is really forged would
authentication by itself have any effect on spam.

Not even if you replace the Internet with a bunch of BBSs by forcing
everyone to send mail from the same domain where they read it would
authentication affect spam.  Have you not noticed that many of the
big spammers have no shortage of officially registered DNS domains with
which they in effect sign all of their spam?


Vernon Schryver    vjs(_at_)rhyolite(_dot_)com
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg