On 9/1/06, Michael Kaplan <michaelkaplanasrg(_at_)gmail(_dot_)com> wrote:
I will illustrate by example. You receive an email from a stranger. As is
often the case the email is not authenticated by DKIM or Sender ID, it isn't
S/MIME signed, and it isn't using a sub-address. Your filter rates this
email as having an intermediate risk for being spam.
Under my system this email would be bounced back to the sender along with a
sub-address. The sender's MUA will likely be updated to resend this bounce,
but if it isn't then all is not lost as the sender has the opportunity to
manually resend the bounce. The stranger's email is now authenticated. I
don't think that S/MIME is able to reproduce these functions.
A shared centralized challenge-response system, which could be the beginning
of the reputation infrastructure that gets talked about here, would do the same
thing with fewer steps for the senders and no software upgrades required.
As I understand it, any proposal that requires some kind of zero-day
during which
everyone on the internet is mandated to upgrade their MUAs in order for it
to work is a non-starter.
Is your work a step towards a distributable reputation infrastructure?
Please refer to http://www.rhyolite.com/anti-spam/you-might-be.html
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg