This raises an interesting issue for the group in general. If the current
spam problem is not fixed, would there be a move to proprietary
alternative
email solutions such as this one?
Thats a very good question, I can see a two tier system developing with trusted
transport being used where it is available and much less credence being given
to mail arriving through the older mechanisms.
I'd like to think that a trust system could be added to ESMTP as a new verb and
MTA's could take appropriate action, therfore as the new verb spreads in use
more MTA's would begin to reject mail not sent using it.
We had a discussion at http://james.apache.org where it was proposed that we
consider blocking mail from unknown hosts with a new temporary rejection code,
carry out a check on the host (which has also verified all upstream hosts)
which can take as long as it needs to beacause we've told the sender to wait,
then if we like it call it back and use ETRN to poke it to send us the mail, or
when it tries again issue a 5xx and tell it that it is not trusted.
The beauty of this system is that you could also use both trusted and untrusted
SMTP, but you would be able to distingush between mail from trusted hosts and
mail from untrusted ones and handle it accordingly. You might want to
quarantine the untrusted mail or use content filters, but fast track trusted
mail.
As far as the checks are concerned simply checking the sender automatically for
open-relay would make an impact, using private include/exclude address lists
and publicly maintained lists would also help.
As the implementation of the system spread it would become possible for servers
to refuse totally to accept mail from untrusted sources, for trust to be
communicated using the existing trust certificate mechanisms, and for chains of
trust to be created which would in theory allow for quite extensive free
movement of mail using SMTP and with the exclusion of anonymous senders.
d.