See RFC 2487 (SMTP + TLS). Everyone who handles the message needs
to be trusted. But you can only determine/prove trust with the person
you're currently talking to. This is a problem...
I don't think this needs to be a major problem.
We could view forwarding as simply a different form of mailing list
subscription. The result is very similar, I receive a stream of emails from
a particular source.
A consent registration scheme for email would be equally applicable to
mailing list forwarding. So I would not accept the forwarded mail unless
there was a consent token. If mail was forwarded without such a token it
would trigger the consent request mechanism.
There is still a difference in the trust model. In effect I would be relying
on the forwarding mail server to also act as my spam filter, at the very
least I would be relying on the forwarding mail server to provide me with
the information I would require to run through my own spam filtering system
and to trust that it is provided correctly.
Phill
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg