Vernon Schryver wrote:
From: "Tom Thomson" <tthomson(_at_)neosinteractive(_dot_)com>
...
SMTP-AUTH is specifically desgigned for a closed trusted environment
(read the RFC - the words it uses are "within a trusted enclave") so
it's not at all surprising that it hasn't been deployed to solve a
problem in a wide-open uncontrolled environment. Do SUBMIT or
SMTP-TLS have relevance to our issue any more than SMTP-AUTH does? I
think not!
I think that caveat about SMTP-AUTH is merely a statement of the fact
that talk about authenticating strangers is nonsense. Authentication
is only half of authentication and authorization. Does it make sense
to trust everyone outside your trusted enclave?--of course not! You
cannot know whether a stranger, whether authenticated or not, sending
you mail is also sending copies to 50,000,000 of your closest friends.
Authentication is meaningless outside "a trusted enclave."
Although some MUAs have signature/checking capabilities, rather a lot
have no such capability. Do any of the webmail systems have such
capability? Even where an MUA has the capability, is it usable by
the average user? Plainly and simply, the signature and checking
capabilities of current MUAs are not designed to address our issue.
I think that is wrong, because I think most people use Netscape, Outlook,
or Outlook express. I know Netscape has long handled cert-signed mail,
because I've tried it. I've not tried Outlook (Express), but I've the
impression they also can do it.
Post Script: I suspect vernon will be very unhappy if the group
ends up supporting approaches other than one particular one; but
I'm not going to decry that particular one because it wasn't
invented here, and I just wish he would show other members of this
list that same courtesy. We are going to need to apply lots of
partial solutions and not reject anything that is useful just
because it will not solve more than 90% of the problem on day one.
Just for my own information, could you let me know which approach I
prefer?
I can't think of anything that might qualify as a solution to spam
except what I think is inevitable legislation that will tax or license
bulk mail. That will not really solve the spam problem but only change
the spammers and limit the total spam in most mailboxes. I do hope
that the DCC might help with spam after that legislation, but it does
not qualify as a solution now or then.
How will legislation help anything? As soon as you do that, all of the
spammers will move to other countries, removing themselves from
US/Canadian/British/Whoever's jurisdiction. In other words, unless
everyone is prepared to cut off China and Russia from the rest of the
Internet, legislation will not solve the problem.
Eric