From: J C Lawrence <claw(_at_)kanga(_dot_)nu>
If you do it via consent tokens, the user can see all the consent tokens
he as acquired from others, and the consent tokens he has grated
others. He doesn't (necessarily) see how or why those tokens were
created or exchanged, or what traffic takes advantage of them.
sounds a little messy, and confusing for a new internet user to deal with.
Note that this process exposes another spam vector. As systems will
have to maintain their private lists of consent tokens, then an obvious
spammer approach is to compromise systems (and subscribe to large
mailing lists) and collect tuples of address pairs and consent tokens.
If they can then inject forged mail with the appropriate envelopes and
tokens they can bypass the system.
Messier, and less secure that temporary whitelisting/choicelisting.
John Fenley
side note:
=====================================================
I have updated my plan to allow notification of delivery failure to list
managers. This was lacking in the previous version, and I think it nicely
rounds out the plan.
www.pontifier.com/database.html
www.pontifier.com/challenge.html
_________________________________________________________________
Add photos to your messages with MSN 8. Get 2 months FREE*.
http://join.msn.com/?page=features/featuredemail
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg