Basic idea:
Bubba writes an email to Boffo.
Bubba's MUA looks for a locally stored consent token from Boffo and
fails to find one. This is done at the MUA level as definitions are
contextual, subjective, etc.
Bubba's MUA emails Boffo for a consent token. This could also happen
via LDAP or SMTP extension à la VRFY or or or... I use SMTP as the
transport as it allows for disconnected operation (e.g. third world
behind UUCP, dialup, etc).
ObNote: Grammar and typing could be encoded into the consent token
request to allow requesters to describe what type of mail they want
to send to the stranger, thus allowing some forms of policy to be
stated -- but that's a feature for Good Guys, not spammers.
Boffo's MUA auto-replies with a token (which is really a dated source
address).
Thus verifying the existence of the receiver...
Bubba's MUA receives the token, stores the token for future use
(policy encoded in the consent reply), and sends Bubba's mail
appropriately.
Boffo, on receiving a SPAM, can revoke the token, all tokens for that
sender, etc.
Boffo can sell the address to spammers, who will get a first provisional
token, have it revoked and then change their identity and get a new one.
Boffo can do that too.
List servers, legit marketing groups and the like can auto-establish
the token arrangement at subscribe time, and auto-renew as tokens
expire.
Looks like you've just reimplemented DHCP but for mail? (Leases essentially)
Continuing to use network analogies... To send a packet, you have to make
your MAC address visible on the network. An acceptable policy. The receiver
does not need to expose himself past his local trusted switch to catch the
packet, but performs no action on the wire receive. If the packet makes it
there or not and is successfully processed by the receiver no one knows,
unless you use a higher level bi-directional protocol like TCP.
I see one possible future is analogous to TCP between consenting parties,
and UDP between non-consensual ones. Consenting parties tend not to mind to
know each other (usually) and with non-consensual ones the receiver should
not have to be known to exist. Your scheme requires that.
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
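
A sketch of the receiver side of the scheme discussed in this message (token as a dated source address, expiry, per-token and per-sender revocation), added here as an illustration and not code from the thread. The HMAC binding of the token to the sender, the `local+expiry.tag@domain` layout, the 30-day lease and all names are assumptions.

```python
import hashlib
import hmac
import time

LEASE_SECONDS = 30 * 24 * 3600  # assumed lease length; the thread gives none


class ConsentIssuer:
    """Receiver-side (Boffo) token handling; every name here is hypothetical."""

    def __init__(self, local, domain, key):
        self.local, self.domain, self.key = local, domain, key
        self.revoked_tokens = set()
        self.revoked_senders = set()

    def _tag(self, sender, expiry):
        # Bind the dated address to one sender so it cannot be passed around.
        msg = f"{sender.lower()}|{expiry}".encode()
        return hmac.new(self.key, msg, hashlib.sha256).hexdigest()[:16]

    def issue(self, sender, now=None):
        """Auto-reply step: return a dated address valid for one lease."""
        expiry = int(time.time() if now is None else now) + LEASE_SECONDS
        return f"{self.local}+{expiry}.{self._tag(sender, expiry)}@{self.domain}"

    def revoke(self, token):
        self.revoked_tokens.add(token)

    def revoke_sender(self, sender):
        self.revoked_senders.add(sender.lower())

    def check(self, sender, rcpt, now=None):
        """Classify mail from `sender` addressed to the dated address `rcpt`."""
        now = int(time.time() if now is None else now)
        try:
            localpart, domain = rcpt.rsplit("@", 1)
            base, stamp = localpart.split("+", 1)
            expiry_s, tag = stamp.split(".", 1)
            expiry = int(expiry_s)
        except ValueError:
            return "invalid"
        # Only the canonical spelling is accepted, so a revoked token cannot
        # be re-presented as e.g. "+0123..." to dodge the revocation set.
        if (base, domain, str(expiry)) != (self.local, self.domain, expiry_s):
            return "invalid"
        expected = self._tag(sender, expiry).encode()
        if not hmac.compare_digest(tag.encode(), expected):
            return "invalid"
        if sender.lower() in self.revoked_senders or rcpt in self.revoked_tokens:
            return "revoked"
        return "expired" if now >= expiry else "accept"
```

Revocation here is keyed on the sender address, so a sender who requests a token under a new address is issued a fresh lease, which is the weakness raised in the reply above.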