At 16:58 16-09-2007, Michael Kaplan wrote:
> I propose a method of rapidly achieving a near comprehensive SPF
> database. The core of this concept is that questionable
> unauthenticated email will be bounced; the return of this bounce
> authenticates the domain. This domain and the MTA listed in the
> return path of the resent bounce is now entered into a shared
> database. All future emails from this previously unauthenticated
> domain sent via this MTA will now be authenticated after consulting
> this newly established database.

As this is a research group, it's good to see new proposals like
yours. Your proposal, like a few others, revolves around
Challenge/Response. Once we start meddling with bounces, we make
that feature even more unreliable.

Near universal distribution of Auto-Resend software is not as easy as
it sounds. If you cannot get the administrators to update their
systems, then you won't get a hundred times more people upgrading their
software. The cost will be much more if you upgrade the client software.

CAPTCHA has been circumvented. Getting users to a website to solve a
CAPTCHA is not that difficult. If spammers did not get more than an
insignificant number of people to visit their website, they would not
have been in business. CAPTCHA also has usability issues.

A Single Universal Receiver Generated SPF Database is like having a
single worldwide authority responsible for email. This raises
questions about control and cost.

I suggest that you don't underestimate the technical prowess of spammers.

Regards,
-sm
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg