Philip Miller <millenix(_at_)zemos(_dot_)net> wrote:
The major problem with this is that a great many emails are not 1 to 1
messages. This one, for example, it addressed to you, and thus would have a
unique ID between us embedded in its headers, but it's being copied to the
list, where anyone could get it and forge messages between us.
That's easily solved, so long as there's a web of trust between
originator and final recipient. e.g. Something like Yahoo's DK, but
signed on a sender/recipient pair:
originator: X-Magic-Header = nonce + sign(nonce, originator, list)
list: X-Magic-Header = nonce2 + sign(nonce2, list, list-sender)
list-sender: X-Magic-Header = nonce3 + sign(nonce3, list-sender, recipient)
This does mean that every message suddenly becomes unique, which has
issues for multiple RCPT TO's. The alternative is to supply the
signing information in the SMTP envelope, along with the RCTP TO
(somehow).
Provided the signing keys are per-MTA, and the chain of signatures
is maintained, every message would then be traceable and thus
accountable. Whether this method would do anything to stop spam is
another question.
Alan DeKok.
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg