On 10/11/11 11:35 AM, Steve Atkins wrote:
On Oct 11, 2011, at 11:16 AM, Murray S. Kucherawy wrote:
RFC3339 instead of ISO8601, perhaps?
Of course, abusers will only pay attention to this if it benefits them and it’s
cheap to do so.

Yup. But it's not the abusers that really matter here, it's the good actors who
are happy to play nice with the receivers, but don't have the information to do
so.

Rather than playing games that further burden receivers with added
state, spammers already make themselves appear legit by performing the
retries without actually doing it in a stateful manner, as campaigns
behind the retry may change. The advantage therefore goes to the spammer.

Just as Apple provides public Kerberos services for all their millions
of users, perhaps email could benefit from a similar approach.
Something similar to that outlined in
http://tools.ietf.org/html/rfc6281

Recipients could then base acceptance on an authentication process that
takes place once every 10 hours, for example. Trust could then be
placed in services that exclude spammers. The approach would enable use
of either IPv4 or IPv6 without reliance upon any single service provider
or auxiliary reputation service. This would require a number of
conventions, but it should be pointed out their scheme uses existing
protocols.

-Doug