Vernon Schryver <vjs(_at_)calcite(_dot_)rhyolite(_dot_)com> wrote:
This issue seems like a minor nit until you notice how many proposed
spam defenses are based on the assumption that most spam is forged,
I've seen few defenses which make that assumption explicitely, or
even implicitely.
so that spammers cannot receive DSNs and spammers are not authorized
to use the sender addresses or SMTP clients they use.
Which brings us back to the charter. Here "authorized" == "consent".
Q: How does the recipient of an email determine that the domain
owner of the alleged "From:" consented to send that email?
For example, if 90% of spam is forged, then RMX, C/R, and
authentication schemes could do a lot against spam (modulo their
other problems). If only 10% of spam is forged, then those schemes
are limited to affecting that 10% fringe, albeit a very irritating
fringe.
These systems establish a consent framework for communication. In
my opinion, explicite consent-based frameworks will be the only methods
by which the spam problem is solved.
And until a better system is presented, it looks like attacking even
only 10% of the problem is the best option we have right now.
Or do you have a better system you'd like to propose? If so, I'm
all for dumping RMX, C/R, etc.
Alan DeKok.
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg