All,
One of the big problems in any authentication scheme (SPF etc) is
trying to deal with mail forwarded from mailing lists, or forwarding
relationships.
I believe that these relationships are better authenticated by
reference to the original consent to accept mail from the list. Pretty much
every relationship of this type uses a C/R style opt-in mechanism. This spec
simply extends the concept to make it double ended, user to mailing list,
mailing list to user.
The scheme can be introduced retrospectively, requires little effort
on the part of mailing list admins (indeed should help their work a lot).
Using the spec means that arguments over whether someone opted in
can be eliminated. It also allows the 'challenge spam' hole to be closed.
The only reason these challenges are sent is to subscribe to a mailing list.
The amount of data that needs to be presented to the user is very small
indeed.
It is possible to use RSS to achieve the same effect, but mailing
lists will be arround for many years yet, we have to live with them. And I
still need this technology to authenticate the link from my RSS aggregator
to my email pager.
Phill
proofofconsent.txt
Description: Text document