People,
I came to this discussion late, so if this topic has been brought up
and dismissed already, please inform me.
It occurs to me that one way to deal with the SPAM issue is to force
senders to authenticate themselves. The sender's MTA would have to
query a kerberos server and get a ticket. The ticket has to be sent
with the message somehow. The receiver's MTA then checks with the
kerberos server to verify the ticket.
Then, the receiver's MTA would handle the message according to policy
set by the receiver. There are several possibilities:
1) The sender is unknown (this covers backwards compatibility and also
failures in the authenticator)
2) The sender authenticated as a known spammer
3) The sender authenticated as a known trusted party
4) The sender sent a fraudulent message
5) The sender authenticated but is not known to be trustworthy or
untrustworthy.
I haven't a clue what the details of this scheme might entail. Is
there some fatal objection I don't see?
Many thanks,
Jeff
--
Jeff_Silverman <jeff(_at_)commercialventvac(_dot_)com>
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg