At 05:30 PM 8/18/2004 -0700, Dave Crocker wrote:
Jim,
JF> To state it a different way, what's important isn't who the sender is, but
whether the
JF> sender is authorized to use that email address. In a sense we're making
the domain
Actually, I don't find "authorization" all that interesting.
Necessary, perhaps, but not interesting.
What is interesting is whether a gross violator can be properly
penalized. That's different than saying that someone gave the
permission (authorization) before they screwed up.
"Interesting", I presume, refers to how effective this mechanism is against
spam. I completely agree that authorization is necessary, but not sufficient;
we will need accreditation/reputation services as well. The penalty will be a
lower rating.
But there are other problems we could be solving as well, such as to aid
enforcement of audit mechanisms at financial institutions (if the message is
signed, it got archived for the regulators). That isn't as urgent a problem to
solve as spam/phishing to most of us, but it's a side benefit.
-Jim