I propose a method of rapidly achieving a near comprehensive SPF database.
The core of this concept is that questionable unauthenticated email will be
bounced; the return of this bounce authenticates the domain. This domain
and the MTA listed in the return path of the resent bounce is now entered
into a shared database. All future emails from this previously
unauthenticated domain sent via this MTA will now be authenticated after
consulting this newly established database.
Existing SPF cannot authenticate forwarded email. My proposal employees
multiple mechanisms to transparently overcome this other major flaw with SPF
so that even forwarded email is authenticated.
Existing authentication schemes are dependent on the participation of the
senders of email. My proposal allows for the receiver to initiate the
process of authentication. I therefore call this proposal Receiver
Initiated Authentication (RIA). The process is detailed at:
http://spamfizzle.com
I argue that RIA will authenticate all questionable incoming email.
Innocent third parties will be relatively unaffected by erroneous bounces.
I also demonstrate how RIA is orders of magnitude superior to C/R.
Sincerely,
Michael Kaplan
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg