On Mon, 17 May 2004, Joshua Leisk wrote:
<SNIP>
I propose that we need to construct a global registry of certified
closed-relay, 'spoof'-proof email servers, married to the verified details
of the server's owner, who are possibly placed under a financial security
bond, depending on the age of the domain name and previous history, to
operate it SPAM-free and then prevent all 'registered' email servers from
receiving email from any 'unregistered' email server (or be cleaned and
filed separately - see "'Softer' Variation of the Concept"), or accepting
email client submissions from clients not using an encrypted password
authentication, eg. SPA.
You will no doubt receive many replies stating why this practice would be
undesirable, but even if correct, those reasons have nothing to do with
why it is unlikely to be adopted. After all, many undesirable practices
survive quite hardily.
The basic problem is a lack of recipients willing to reject mail mail from
uncertified senders. Consider that in the early days of this project only
a few senders will be certified, and even if they are large and important,
any MTA operator who required certification before accepting mail would be
rejecting half their legitimate mail too. Of course, receiving MTAs might
ust white list certified servers (rather than reject uncertified ones), to
avoid rejecting spammy looking but legitimate mail from them, but that
provides only a tiny incentive for legitimate mailers to sign up for
certification. But that practice would provide a large incentive for
borderline spammers to try to get certification, and "regulatory capture
theory" (look it up) suggests that some will succeed. Eventually
certification will (in a statistical sense) predict spammy mail.
Transitions are sometimes very hard.
Dan Feenberg
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg