While the primary goal of adding an opaque identifier would be to
prevent replay abuse, it would also facilitate an alternative to
blocking an entire site with millions of users, where perhaps the
majority of these users have systems that are compromised.
As I said in my previous message, I actively do NOT want to make it easy
to do that. It's up to the sender to send mail legitimately. It is not
up to the recipient to do the sender's filtering for him, and the easier
we make it, the easier it is for lazy ISPs to say "we don't have to deal
with our zombies because the recipients can do it for us." If you don't
believe that's what some of them already think, ask AOL.
I agree that ISPs need help dealing with their zombies, but it's important
for us to give them tools to help identify and get rid of the zombies, not
to live with them.
Regards,
John Levine, johnl(_at_)iecc(_dot_)com, Primary Perpetrator of "The Internet
for Dummies",
Information Superhighwayman wanna-be, http://iecc.com/johnl, Mayor
"I dropped the toothpaste", said Tom, crestfallenly.