ietf-asrg
[Top] [All Lists]

Re: [Asrg] Proposal for transition to authenticated email

2003-04-29 12:51:31
From: "Kee Hinckley" <nazgul(_at_)somewhere(_dot_)com>
If they can't afford the certificate, forward through their ISP.
That's what most
small businesses do now.  It's no great hardship.

Do you have any numbers to back up that?  My personal experience is
that I know hundreds of small business that are providing their own
email through DSL and other providers. In most cases the ISP doesn't
provide more than 1 to 4 email addresses, and none using the
customer's domain. What makes you think that is rare?

Well, I don't have numbers, but who cares?  There is no hardship involved in
sending outgoing mail through the ISPs SMTP server.  You don't have to use
the same domain name.

[...]

I must not have made myself clear.  It is the _recipients_ that
decide what policies
are acceptable.  If senders choose policies that aren't acceptable,
their messages
won't get through.

A proposal which is unacceptable to all the major email senders is by
definition unacceptable for the receivers.  If the receiver's adopt
it enmass--they get none of the email they want.  You *must* have
buyin from the senders before you flip the "block non-compliant
email" switch.  Otherwise your false positive rate is unacceptable to
the majority of customers.

We can talk all we want about the recipient being in control--but the
fact of the matter is that they only power they have right now is to
walk away from the table and stop receiving any email.  New standards
will involve negotiation between the major parties, not mandates from
an RFC.  (And unfortunately, the recipient is only indirectly
represented at the table, through the major ISPs.)

The purpose of the standard is not to define what is spam or what is an
acceptable antispam policy, only to ensure that the policies can be defined,
communicated, and enforced.

There could be separate negotiations or just consensus-building about what a
minimally-acceptable policy should be.  When S/MIME messages are signed with
an antispam certificate, it would be easy for the MUA to do additional
filtering beyond what the ISP does, so the end user is not totally dependent
on the ISP.

_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg



<Prev in Thread] Current Thread [Next in Thread>