On Thu, 2004-06-24 at 14:50, David Wall wrote:
The problem I have with sender-authentication schemes is they are coverting
an open, useful, free and unfettered email solution into something only Big
Brother and Big Corporations would ever want.
With the Fenton "Identified-Mail" proposal, sender identification is an
option. It is independent of the mail channel and may take place at the
mail user agent (MUA) without loss of integrity. This places no
restrictions on mail while individuals and corporations alike may
quickly implement this method to identify themselves without investing
in third-party certificates. This feature is a function of the MUA and
can happen tomorrow without any standards enacted, although standards in
this area would be beneficial if this is to be widely accepted.
There are thousands of mail providers requiring no identification, nor
do any MARID proposals curtail this desirable freedom by respecting
economies that enable this service. The goal is to curtail the abuse
that increases costs that will eventually constrain this freedom. The
CSV-HNA-CSA approach attempts to identify domains submitting mail to
enable evaluation and follow-up as a means to curtail these costs.
Much of this abuse happens over commandeered systems where owners remain
oblivious to the subversion of their system. If these systems are
forced to identify themselves, this highly criminal act will likely be
thwarted. It is a small price where most users will be unaware anything
has changed. By ridding the system of those that are largely
perpetuating scams and outright theft, the freedom afford mail is
preserved. Making it legally required for those that advertise to use
the "Identified-Mail" mechanism would further curtail scams based on
identity fraud as it would provide verified mail addresses.
-Doug