Provided alumni.ardvark.com has implemented something like SRS
along with SPF/RMX than this issue is completed negated provided
homeisp.net also runs an SPF/RMX compliant system when
receiving email.
SRS is not a work item here.
Deployment has a major effect on infrastructure. I have to get my
mail server to accept SRS 'munged' addresses.
I don't think that SRS is viable for use by the non-geek community.
Honestly after reading everything and having ran several mailing
lists I would think the easiest solution is to simple have the mailing
list software sign and archive the original confirmation email which
could be presented as proof. Clean, simple and much less headache than
trying to implement a scheme like this.
I tried working through that particular scheme. VeriSign offers high
quality archival notary services...
But then we are back to an accreditation problem. The big problem with
mailing lists is that with the excpetion of a handful of very big
commercial senders who are whitelisted everywhere (Yahoo, AOL) most
are run on an ad-hoc volunteer basis.
Unless you believe that people are going to continue to provide
high quality, trustworthy accreditation services pro-bono indefinitely
I can't see the market working here. The mailing lists are inevitably
going to be the place where the most disputes turn up.
I can't see Paul or anyone else volunteering to run mailing lists if
they are going to have to pay for the privilege.
However you work it the accreditation approach requires a lot of unfunded
effort in the mailing list case.
All we need to do to deploy this is to update the mailing
list software C/R
module and then update the spam filters.
Not really, as I read the proposal it would require updates to
mailing lists as well as the MTA itself.
No, only to the incomming mail filter MTA, which is usually going to be
a spam guard anyway and to the mailing list.
There are only three or four packages that are used by the vast majority
of mailing lists. This is not a complex feature to implement.
This would not be as trivial a task as you make it out to be.
A short while ago almost every mailing list on the net implemented the
opt-in scheme in a 48 hour period
You also mention later in the proposal
that standardization of the MAC algorithm need not be done so long as
sender and received use the same one which is doubtful to
happen without standardization.
No, it is not necessary. It is just a validation hack, the party
that generates the token is the verifier.
Another point you fail to acknowledge is that most mailing list
software already does actions similar to SRS with VERP when
it sends the
mail out for delivery to the subscribers. Are you than trying to say
that VERP is any less confusing than SRS which follow a similar
principle but add a cryptographic verfication hash? I find
SRS far more
verfiable than VERP by any standard.
But what does SRS prove?