I would say "has permission to claim association with a domain"
linking in the identity issue in the other post. I would say that the
purpose of the authentication mechanism is to prove that the sender
has an association with an accreditation.
That the email does come from the sender address it purports to is
a fairly weak accreditation. But the sender address can quickly lead
to stronger ones. I can whitelist anyone from a domain that I put
on a whitelist. So I whitelist fred(_at_)example(_dot_)com and everyone from the
domain can get some points by inference.
[Devils advocate disclaimer]
Yes, and there are standard arguments against it:
- it will take too long to deploy
- it won't stop spam.
The people that argue those points are usually the folk whose response
to everything is it will take too long lets not start.
If we had started treating spam seriously ten years ago then every mailer
would have been fixed long ago.
99.99% of the spam I get is forged. Call me naive, but this says to
me that spammers believe that forgery is an important part of the
spamming process.
The way I look at it the spammers are using the forgery to get round the
existing filter technology and blacklists. Deny them that tool and the
existing mechanisms become more effective.
it is a geschtalt thing.
This addition would also get rid of the forged viruses & worms. If
nothing else, it would make it plainly obvious who's stupid enough to
run a system which gets viruses. Right now, I don't get viruses, but
I get tons of spam from software by antivirus companies, claiming to
have found a virus in a message I sent. The fact that the viruses are
forged, and that their "notifications" are spam, is something the
virus companies apparently don't get.
Oh they get it, they just think it is a costless way to advertise their
product.
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg