Gordon Peterson wrote:
A recipient should be able to create a specific-permission
"whitelist" which lists the senders (by E-mail address) to
which they wish to assign "special" privileges.
Personally, I believe that this kind of approach will be much
more likely to result in useful throttling of spam. It addresses the
issue of "consent" that is supposed to be the focus of this research
group and has the excellent benefit of being an approach that can be
adopted by individuals without requiring changes to the existing
infrastructure.
I view the problem of "consent" as one similar to that of
"licensing" or "authorization." Basically, what you want to do is grant
different levels of privilege to people who might attempt to access your
inbox. This can be done either be creating an explicit whitelist which
is checked when mail arrives, or by providing a "license to send" to a
sender which would be a digital certificate detailing their rights and
could be attached to mail as it travels through the network.
[SPF, RMX and other DNS based approaches] comes at a high
(perhaps unreasonably high) cost to many types of users who
for legitimate reasons sometimes post from atypical locations
The supporters of SPF, RMX, and other similar approaches appear
to be well aware of these concerns yet they also appear to be relatively
unmoved by them. The response to this concern is to say simply that
users at "atypical locations" should be compelled to use SMTP
authentication or some other means to access their normal mail servers
even when at distant locations. I think that the belief that SMTP
authentication is a reasonable alternative is a bit humorous... The
assumption is that connectivity exists between the sending client and
the users SMTP server. Admittedly, these days, with a much improved
network infrastructure, this is often the case -- unlike in the old days
when connectivity was *never* assumed. However, even today, connectivity
cannot always be guaranteed. For instance, in the last few years, I have
often found myself in places like India where from time to time it can
be almost impossible to connect to a New York based SMTP server...
If we end up adopting approaches that require connectivity to a
"home" server, I'm afraid that we're going to have to define some
additional protocol that will allow a mail to be submitted at one
server, then forwarded to a home server for authentication and
processing processing simply so that we can get the headers properly
written. This "deferred authentication" process would be cumbersome,
error-prone and would probably rely on PKI technologies. Not pleasant...
Gordon Peterson, live in Dallas. I've been active in
computer E-mail and networking longer than most
It's good to see an old-timer on the list... I've only been on
the net since 1979 and so appreciate the contributions of you old
folk...
bob wyman
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg