ietf-asrg
[Top] [All Lists]

Re: [Asrg] 2a. Analysis - Developer Perspective

2003-09-12 13:28:04
First, let me point out that as a developer, you should be aware that simple lists of authorised nodes do not scale to Internet proportions. There's a document explaining the technical considerations all proposals should look at.

If we wish to finally address the spammer problem it will not be solved
using the current open, free for all outdated SMTP framework that we have
today.

The solution is based in LOCKING out the unauthorized system using enhanced
SMTP authorization solution.

Anything else, and we are just wasting time.

How about you look over my recent draft paper on "E-mail Authentication", the link to which can be found in this month's archive. You might find that my scheme covers what you want, but in a way that is far more scalable than Fidonet. Tell us what you think of it, good and/or bad.

BTW, yes, we are aware that until a final solution can be found, all we have is an escalating war of countermeasures. We'd dearly love to be able to throw out SMTP right now and put in something new and shiny.

The sad fact of the matter is that ISPs and users cannot and will not migrate all at once, indeed such a migration would probably take a decade or more. Administrators do have some fear of change, but users even more so, and there are a lot more of them. As developers, we have a responsibility to craft solutions that make any such migration as painless as possible.

--------------------------------------------------------------
from:     Jonathan "Chromatix" Morton
mail:     chromi(_at_)chromatix(_dot_)demon(_dot_)co(_dot_)uk
website:  http://www.chromatix.uklinux.net/
tagline:  The key to knowledge is not to rely on people to teach you it.


_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg