Vernon wrote:
It's discouraging that people are still saying that authentication
would fix spam years after common MUAs (e.g. Netscape) can send and
check signatures and/or keys and SMTP-AUTH, SUBMIT, and SMTP-TLS are
universally available.
What I find discouraging is the conytinual dismissal of possible
solutions based on little of no apparent logic (and usually by
people who have an alternative solution to push).
SMTP-AUTH is specifically desgigned for a closed trusted environment
(read the RFC - the words it uses are "within a trusted enclave") so
it's not at all surprising that it hasn't been deployed to solve a
problem in a wide-open uncontrolled environment. Do SUBMIT or
SMTP-TLS have relevance to our issue any more than SMTP-AUTH does? I
think not!
Although some MUAs have signature/checking capabilities, rather a lot
have no such capability. Do any of the webmail systems have such
capability? Even where an MUA has the capability, is it usable by
the average user? Plainly and simply, the signature and checking
capabilities of current MUAs are not designed to address our issue.
So the arguments quoted above are completely irrelevant to the
solution they were used to attack.
Let's try to be constructive about the various proposals made,
instead of destructive.
Tom Thomson
Post Script: I suspect vernon will be very unhappy if the group
ends up supporting approaches other than one particular one; but
I'm not going to decry that particular one because it wasn't
invented here, and I just wish he would show other members of this
list that same courtesy. We are going to need to apply lots of
partial solutions and not reject anything that is useful just
because it will not solve more than 90% of the problem on day one.
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg