Filtering returning bounces based on Message-ID requires that the MX
keep a DB of known-valid IDs. This is a non-trivial expense. There are
other problems related to secondary MXes, load sharing, architectures
with multiple ingress and egress paths, disjoint arrangements (satellite
operations which handle their own deliveries but mail is routed
centrally) etc.
True.
There might be some ways to handle this using cryptographic techniques.
I am a bit rusty here so excuse any errors in logic here but here is what I
was thinking...
After the Turing test or similar authorization process, you could exchange
the information needed for using / testing digital signatures.
Then when any additional messages are sent, the new messages would have a
signature line. You could not only ensure that the person you received the
message from was "authorized" (as in the sense that one would have in
checking addresses) but also is who they say they are.
This would also help solve the problem of people with multiple e-mail
addresses. They could have lots of e-mail addresses and as long as they
had the proper signature set up at the different e-mail addresses /
accounts then the fact that they had different addresses could be entirely
transparent.
So, the any approvals and whitelisting that is done need not be done on the
originating e-mail address but could also be done on the digital signature.
Now, I am starting to get a budding idea here.....
What if..... A new digital signature were issued to each new person who you
correspond with. Then if you start getting spam from that person /
organization, you could simply disapprove them. This would get around any
possibility of people sharing information to try to get around the
restrictions.
-Art
--
Art Pollard
http://www.lextek.com/
Suppliers of High Performance Text Retrieval Engines.
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg