From: Yakov Shafranovich <research(_at_)solidmatrix(_dot_)com>
...
These four accounted for about 84% of all MTAs with the other MTAs were 1%
or less. Of these, qmail and sendmail account for 59.28% of all MTAs, with
the Windows ones accounting for the other 24.27%.
IF a CRI protocol is implemented and both qmail and sendmail support it,
that would mean that a sizable majority of the Internet would support it.
...
There is a very large difference between the the current versions of
a package supporting something and installations of the package
supporting it. It is not only that I suspect most SMTP servers are
more than a year behind in current releases, but that having facilities
available in the code is not at all the same as turning them on.
A good case study is SMTP-TLS. Sendmail and other STMP implementations
have supported SMTP-TLS for a year or two. Turning on SMTP-TLS
in sendmail is easy, one you figure it out the OpenSSL documentation.
It is entirely upward compatable and a Good Thing(tm) for a bunch
of reasons. However, as far as I can tell the vast majority of
the Internet does not support SMTP-TLS and practically none of the
minority that does has done the trivial additional work to make
available their certs. It's only a slight exaggeration to say that
I see almost as many signs of SMTP-TLS in my logs from spammers as
from legitimate SMTP clients. In truth I see little of either,
but some of both.
Before you say that everyone cares about spam but not about mail
confidentiality and security and so your protocol would be different,
please say why ISPs that would have to turn on your protocol have
not done what's necessary to find and crush spammers. Why did
Earthlink reportedly spend months and millions of dollars of
technician and inside lawyer time chasing the Buffalo Spammer while
the outside lawyer pin him in days?
Vernon Schryver vjs(_at_)rhyolite(_dot_)com
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg