From: "Kee Hinckley" <nazgul(_at_)somewhere(_dot_)com>
Well, I don't have numbers, but who cares? There is no hardship involved in
sending outgoing mail through the ISPs SMTP server. You don't have to use
the same domain name.
As a small business owner--I care. And you're living in a fantasy
world if you think it's not a hardship. It's not even *possible* for
most small business. The ISP does not provide the service, and does
not want to.
Well if there really are ISPs that don't provide SMTP service, you can contract
with
someone else to do it. There may be a slight expense, but it would be pretty
trivial. There are plenty of people who do it now. Fighting spam will require
some
kind of control over sending mail. There's no way around that.
The purpose of the standard is not to define what is spam or what is an
acceptable antispam policy, only to ensure that the policies can be defined,
communicated, and enforced.
Ah. Then please remove the double-opt-in requirement from the standard.
There is _no_ double-opt-in requirement. What I proposed is
"In the certificate, the responsible party (generally ISP) must
indicate which anti-spam policies are followed and procedures for
dispute resolution. It must include a party (which can be CA or
third-party) which will indicate whether the entity is following the
declared policies and dispute resolution procedures.
(e.g. must have automated certificate-revocation checking)."
The exact policies that are used are up to the sender. The minimum policies
that
are acceptable to the recipient are up to the recipient. The standard would
specify
a syntax for describing the policies, but not what policies are used.
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg