Thanks, Douglas for your comments.
There are thousands of mail providers requiring no identification, nor
do any MARID proposals curtail this desirable freedom by respecting
economies that enable this service. The goal is to curtail the abuse
that increases costs that will eventually constrain this freedom. The
CSV-HNA-CSA approach attempts to identify domains submitting mail to
enable evaluation and follow-up as a means to curtail these costs.
As I said before, I don't believe this because all email that doesn't have
this identification stamp will be assumed to be suspect over time. In the
U.S., you can walk around with carrying identification. If businesses all
of a sudden (and they won't because it's bad business, just like this is bad
for email) started requiring identification to enter a store since it would
help them with theft issues, but said you don't have to have ID, you would
find that people would start showing their ID just to avoid being followed
everywhere they went in the store. The same will happen here in which all
non-authenticated email will be suspicious, will be further analyzed and
review, and will likely be tossed out in the fear of preventing spam.
Much of this abuse happens over commandeered systems where owners remain
oblivious to the subversion of their system. If these systems are
forced to identify themselves, this highly criminal act will likely be
thwarted.
Except that the commandeered systems will simply send messages out using
email addresses from the commandeered domain, so they will all carry the
legitimacy of authentication (and the legal exposure) but will still be
criminal.
It is a small price where most users will be unaware anything
has changed. By ridding the system of those that are largely
perpetuating scams and outright theft, the freedom afford mail is
preserved. Making it legally required for those that advertise to use
the "Identified-Mail" mechanism would further curtail scams based on
identity fraud as it would provide verified mail addresses.
It's already illegal to send spam, and rather than try to force
identification on everyone, why not try to prosecute the criminals today.
Note that the U.S. can spend over a billion per week to invade Iraq, but
apparently cannot even hope to prosecute a few spammers per week.
Let's face it, a spammer has to send out lots of messages to lots of people,
already making himself more apparent. Next, he has to advertise products
and collect money, making it even easier to track down the criminal. Sure,
many will be overseas, but if governments cannot cooperate to track down
criminals, why do we think the world will cooperate on a sender
identification scheme for email?
For any solution to be useful, it will have to be accepted widely, which
means changes to lots of SMTP servers. All of these changes are simply not
necessary if we train users how to avoid being victimized by spammers (every
pack of cigarettes contains a warning, but every computer and ISP account is
sold without any such warnings), businesses discontinue using email for
sensitive communications as they rightly should, and we start enforcing the
laws that already exist.
David