J.D. Falk wrote:
For example, I suspect everyone here is familiar with the forwarding
problem: forwarders or mailing lists may inadvertently forward spam, and ISP
reputation systems assume the forwarding IP is a spammer. But if the
forwarder signed the message, and the ISP could do a VBR (or similar) check
to confirm that the forwarder really is a member of the "forwarder" class
(as determined by some sufficiently trustworthy external process), then the
ISP may choose to apply a different reputation algorithm.
How would you compare such signing solution to an actual login? A
forwarder may get a password for authenticating at your server going
through an automated or semi-automated process much similar to the one
implied to enroll in the forwarder class (or to signing up for
feedback loops, for that matter.) SMTP AUTH can handle all SMTP cases,
e.g. multiple recipients. This would enable working "live", thus
encompassing, say, DNSBL and SPF, that would otherwise require their
own arrangements.
_______________________________________________
Asrg mailing list
Asrg(_at_)irtf(_dot_)org
https://www.irtf.org/mailman/listinfo/asrg