ietf-smtp
[Top] [All Lists]

Re: We need an IETF BCP for GREY LISTING

2011-10-11 15:00:30

On 10/11/11 11:35 AM, Steve Atkins wrote:
On Oct 11, 2011, at 11:16 AM, Murray S. Kucherawy wrote:
RFC3339 instead of ISO8601, perhaps?

Of course, abusers will only pay attention to this if it benefits them and it’s 
cheap to do so.
Yup. But it's not the abusers that really matter here, it's the good actors who 
are happy to play nice with the receivers, but don't have the information to do 
so.
Rather than playing games that further burden receivers with added state, spammers already make themselves appear legit by performing the retries without actually doing it in a stateful manner, as campaigns behind the retry may change. The advantage therefore goes to the spammer.

Just as Apple provides public kerberos services for all their millions of users, perhaps email could benefit from a similar approach. Something similar to that outlined in
http://tools.ietf.org/html/rfc6281

Recipients could then base acceptance on an authentication process that takes place once every 10 hours, for example. Trust could then be placed in services that exclude spammers. The approach would enable use of either IPv4 or IPv6 without reliance upon any single service provider or auxiliary reputation service. This would require a number of conventions, but it should be pointed out their scheme uses existing protocols.

-Doug