ietf-asrg

Re: [Asrg] Remote mailing

2003-07-02 11:17:13
Spam at one level is a security problem, it's the allowance of non-validated
sender to send messages impersonating other users.

Eliminating that (even if we could) still doesn't solve the spam problem.

A person can send a Hotmail message saying IN THE BODY that they're 
so-and-so... how are you going to prevent false statements being made in ANY 
E-mail?  I don't think you can.

Your example is "should a Cisco employee be allowed to send a message from
anywhere without authenticating against Cisco" implies that Cisco doesn't
care who sends messages claiming to be from a Cisco.  

So someone sends a message saying (in the body!) that they're from Cisco.  
Caveat lector!  Cisco CANNOT prevent that.

Easy example, is today
sitting at my desk I can originate a message from "John Chambers" letting
you know the quarterly earnings are great!  That's a security problem, the
message didn't originate from Cisco nor is this user authenticated...

If you're sitting on an airplane, customer site, etc., you should
authenticate in to your corporate network or send email via another channel.

Easier said than done.  You may simply NOT HAVE CONTROL over how the E-mail is 
being sent, ONLY able to enter your return address.

Hotmail, Yahoo, AOL, etc. all have authentication before you can send email,
they can easily stamp, sign or otherwise endorse the message before it's
delivered on the network.

You're presuming that you're necessarily using Web-based E-mail, which is NOT 
always the case.  (E.g. Internet cafes on cruise ships, where you're 'favored' 
to send the mail using their native mail system rather than using the Web 
browser... due to the satellite connection at $7+/minute!)

There is no reason that a MTA or MUA should in the long term allow
non-verifiable messages to arrive.  

That depends ENTIRELY on the situation.  It's dangerous to make categoric 
statements like that.

It's the responsibility of the sending MTA
to stamp/sign a message on outgoing delivery.  It's impossible to believe
that we can remove spam from the network, but what I want to see is good
senders not having to worry about their ability to send email and have it be
received (see recent FTC problems).

"Good senders" could STILL decide to send spam.  The recipient STILL needs the 
right to block stuff (even from people that they know and trust) that's outside 
the boundaries of what they're used to accepting (and willing to accept) from 
individual senders.  And there PROBABLY needs to be a mechanism for them to AT 
LEAST BE AWARE that they've received something from someone "new", and to 
decide if they want to take it or not.

This is NOT a lot different than long-established policy of when you call the 
President of XYZ Corporation, and the secretary takes the call and finds out:

  1)  who you are
  2)  what company you're with
  3)  what the call is regarding

And then, based on that (and their knowing the Boss) they'll either deflect 
your call to another department, or present the Boss with the information to 
see if he wants to take the call.  And like in my proposal, he'll clarify his 
policy:

  1)  no, I'm not interested in calls like these; send 'em to Customer Service
  2)  Yes, put him through right away
  3)  I'll take it this time, but not if he calls back
  4)  tell him to get lost
or whatever.

Screening your calls with an answering machine is much the same... you'll let 
the answering machine take it, and listen while the caller (rapidly) makes 
their case for calling them back.  If you want, you can pick up the phone and 
take the call;  or you can maybe call them back at your leisure.

Gordon Peterson                  http://personal.terabites.com/
1977-2002  Twenty-fifth anniversary year of Local Area Networking!
Support the Anti-SPAM Amendment!  Join at http://www.cauce.org/
12/19/98: Partisan Republicans scornfully ignore the voters they "represent".
12/09/00: the date the Republican Party took down democracy in America.


