Beside regular C/R without Turing tests, I am not aware of something
that can do the same thing without changing something in the
underlying
email architechture. The whole advantage of C/R is that it does not
require anything to be changed, but annoys end-users. If you can list
some other alternatives that can verify the return address,
that would be helpful.
S/MIME does not require a change to the email architecture:-)
The issue here is deployment. An individual can deploy C/R without
any deployment dependencies on any other party.
That is only a show stopper if you are not in a position to influence
the deployment of a new architecture for a substantial fraction
of the Internet.
As people on the list know there is a coalition in existence that
has precisely that capability. One member of that coalition has
already deployed SPF, another has proposed a cryptographic
authentication proposal, yet another has made a proposal whose
details are not at present public.
Phill
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg