There has been talk in at least four forums (ASRG,
SMTP-VERIFY, MXCOMP
and main IETF list) about trust, establishing trust between
two parties
and quering third party providers of information. The SMTP-VERIFY
subgroup is also talking about exchanging information on
neutral metrics like MTA volume via some protocol.
I will check the SMTP-VERIFY archives.
I think that the scope of trust exchange in this particular domain
needs to be limited, there are trillions of emails sent each week,
there is no way that every one can be backed by an essay the
length of war and peace describing the trustworthiness.
On the other hand we do want more than binary data, there has to
be a gradation here. In practice I suspect we do not need a huge
number of levels at this point in time.
Whatever it is, we need a protocol and formats that two entities can
exchange information about trust. For example, a sending MTA can pass
via an ESMTP extension hints about accreditation and reputation, which
the receiver can use to establish some form of trust. Of course the same
can be done via DNS or some other protocol.
I think it is also useful to see a description of the domain. An
ISP or university cannot be held to the same standard as a lawyers
office. The lawyer should have very tight control over their
employees. If there are persistent spam runs then there is a real
problem that is not really explainable. An ISP on the other hand cannot
be expected to stop all spam outright, not without controlling their
customers in an unacceptable way.
Ok that would be useful. Thoughts on how to proceed with this?
Yakov
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg