
Re: [Asrg] A CAPTCHA that automatically detects and neutralizes attacks.

2005-06-13 01:10:29

Michael,

... maintain a list of outgoing emails sent by each user ...

... some stuff snipped ...

the info for a message needs to be
available as soon as the message has been sent

... more snipping ...

can be addressed by holding all incoming challenges
and preventing them from reaching the user's inbox
for 10 minutes (or whatever length of time).


This proposed "resolution" to the problem of C-R requiring a record and for
that record to be available straight away would be largely unacceptable to
any mail provider of any magnitude because of the cost of this recording
and buffering, not to mention the operating costs of a highly available
distributed system capable of reconciling the challenges with the
responses.

As I've pointed out to you before, the problem of spam is the unacceptable
cost burden placed upon mail infrastructure providers, much more so than
the inconvenience of individual users. You cannot solve the former if
your proposal has costs of a similar order of magnitude and the same set of
cost drivers, namely the volume of spam.

If the costs of managing genuine mail were high, but resource consumption
decreased because spam was removed from the picture, then your solution
would be cost effective. However, it still appears that the cost is directly
proportional to the volume of unwanted messages. Not only that, but you are
also pushing some of the cost burden onto downstream systems. If a challenge
issued by your system increases costs for other people, people for whom
there is no benefit, it is doomed to failure.

Imagine that I am Yahoo and you are Joe ISP with 1000 mail accounts: how
can you possibly hope to accommodate the unpredictable number of challenges
I send you in response to forged mail? You can't. You are faced with high
running costs and potential DoS to your users, and the financial
consequences to your stock, caused by my legitimate use of your system as
designed.

I'm concerned that you seem hell-bent on flogging a dead horse here.

A number of people have raised detailed weaknesses with your proposal.
You seem to prefer to address these in isolation rather than view the big
picture.

You seem to be making the fatal mistake of going round in circles.

d.




_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg



Current Thread: Re: [Asrg] A CAPTCHA that automatically detects and neutralizes attacks., Danny Angus