On Sun, 2004-03-21 at 23:13, Yakov Shafranovich wrote:
> However, this is an anti-spam group and within the context of fighting
> spam, how will this help? The problem that I have is that there are
> several identity schemes here and none of them address the point of what
> do you do, once the identity is established. There is IP identity,
> domain/IP identity (LMAP/MARID), heavier cryptographic identities,
> etc. All of these lead into the same point - once the identity has been
> established, what happens then?

I believe that authentication and reputation services can and should be
separated. Authentication services (that include protocols like LMAP
and certification authorities) establish solid facts about senders, and
thus are policy agnostic. On the contrary, reputation services may
differ greatly in their listing/delisting policy, "level of certainty"
etc.
Thus, mail system administrators can use a single way to authenticate
senders, or one of a limited number of ways. Once sender identity is
established, it can be checked against a subset of a potentially very
large number of reputation services, selected in accordance with local
policy/preferences.
Eugene