From the discussion thread surrounding the William Elan proposal for a
message-by-message authentication process:
Subject: [Asrg] 6. Proposals - C/R and "callbacks"
However, the bottom line here, is that why go through the trouble of
checking every single message. Granted that it increases costs,
nevertheless if we can significantly reduce the problem through
verification of MTAs as opposed to senders and messages, why go through
the extra costs of message verification. This proposal is on the table,
but we will pursue it only if a significant advantage vs. costs can be
proven for this way of doing things, over others requiring less costs.
A simple overhead reduction enhancement would be to include an "interval
during which it was valid" value in the reply from the authentication
process. Why generate a unique authenticator for every message sent?
Instead, use the same authenticator for all messages sent by an individual
for a period determined by the sending mail administrator, perhaps a few
hours.
This permits caching of the authenticator value at the recipient mail server
to reduce repeat authentications where users are emailing each other back
and forth, yet would frustrate spammers since it wouldn't be possible to
accumulate a list of forged authenticator values fast enough to build a
decent spam list.
Finally, such a system would allow the recipient or recipient ISP to decide
whether to forward/open the mail. If you want to receive mail with
unverifiable headers and dubious origin, you can. Thus no issues of free
speech, etc. Basically, no one is prohibited from sending but recipients
would be informed as to the validity of the originator informtion. Most
would simply automatically delete such mails, thus eliminating the
effectiveness of spam as a reach medium.
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg