Yakov,
At 11:01 PM 3/3/2004, Yakov Shafranovich wrote:
<...>
In principle, it could have a role to play by authenticating the MTA sender.

What would you do with that information? Why is IP address insufficient
(aside from the fact there are dynamic IPs)?

If this is going to be combined with reputation/accreditation systems,
then we need to answer the questions of why future systems for reputation
would be any different than today's.

(I am not attacking here, just trying to narrow down the solution)
I don't have a spam solution but TLS can serve to authenticate one MTA to
another. This would be a variation on signed email whereby the SMTP
connection is signed rather than the message. When the mail transaction is
direct between the sending domain and the receiving domain without
intermediaries, then this is functionally similar to signing the message
(though much less efficient for mailing lists). It doesn't suffer from the
replay attack scenario that Markus Stumpf described some time ago. When
there is an intermediate MTA, then the receiver would need to make an
authorization decision based on whether it trusts the intermediary to have
an effective antispam policy, e.g. that it effectively authenticates its
senders.

This takes us to the authorization problem and reputation seems to be a
scalable means to do that, but I have no answer to the problems of antispam
databases that you have mentioned previously. (I'm not even sure what all
the problems are with RBLs).
Mark
Yakov
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
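
Added example, not part of the original message or of any MTA's code: a sketch of the receiver-side decision described above, separating a direct TLS-authenticated connection from the sending domain from one arriving through an intermediary that the receiver has chosen to trust. The function names, the policy labels, the trusted-relay set and the sample certificates are all assumptions made for illustration; it also assumes, as a simplification, that a direct sender's MTA host name falls under the envelope sender's domain.

```python
# Added illustration; names and policy labels are assumptions, not from the thread.
# Input is the dict shape returned by ssl.SSLSocket.getpeercert() AFTER the TLS
# library has validated the client certificate chain (an empty dict or None
# means no validated client certificate is available).

def cert_dns_names(cert):
    """Return lower-cased DNS names from subjectAltName, else the commonName."""
    names = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if not names:
        for rdn in cert.get("subject", ()):
            names += [v for k, v in rdn if k == "commonName"]
    return [n.lower().rstrip(".") for n in names]

def in_domain(host, domain):
    """True if host is the domain itself or a host beneath it."""
    return host == domain or host.endswith("." + domain)

def classify(cert, mail_from, trusted_relays):
    """Classify an SMTP connection by who the TLS peer is relative to MAIL FROM."""
    if not cert:
        return "unauthenticated"          # nothing to base a decision on
    names = cert_dns_names(cert)
    # The null reverse-path used for bounces has no domain to compare against.
    domain = mail_from.rpartition("@")[2].lower() if "@" in mail_from else None
    if domain and any(in_domain(n, domain) for n in names):
        return "direct"                   # connection-level analogue of a signed message
    if any(in_domain(n, r) for n in names for r in trusted_relays):
        return "trusted-intermediary"     # receiver relies on the relay's own sender checks
    return "untrusted-intermediary"       # authenticated peer, but no basis to authorize it

# Constructed sample data (not real certificates).
TRUSTED = {"relay.example.net"}
DIRECT = {"subject": ((("commonName", "mx1.example.org"),),),
          "subjectAltName": (("DNS", "mx1.example.org"),)}
RELAY = {"subject": ((("commonName", "out.relay.example.net"),),)}
UNKNOWN = {"subjectAltName": (("DNS", "host.example.com"),)}

if __name__ == "__main__":
    for label, cert in (("direct", DIRECT), ("relay", RELAY),
                        ("unknown", UNKNOWN), ("no cert", None)):
        print(label, "->", classify(cert, "alice@example.org", TRUSTED))
```

The "trusted-intermediary" branch is where the authorization problem from the message sits: the TLS layer only says who the relay is, and the trusted set stands in for whatever reputation or accreditation source the receiver uses.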