At 19:56 17-10-2011, Douglas Otis wrote:
Agreed as well. What is needed is a light weight method to avoid
abusive sources with a glimmer of hope it might actually work. We
defend our services dynamically from
Taking people off the web removes a source of abuse. Keep in mind
that without these people, you won't be paid. :-)
Neither SPF nor DKIM properly defend domains. IP address
authorization and signatures omitting senders and intended
recipients against actually authenticating the accountable domain is
what is lacking. These two schemes largely support white-listing
domains considered "too big to block" and glaringly lack a practical
means to defend smaller domains or at inhibiting spam. Email is in the ditch.
SPF and DKIM, like any other scheme, is not some holy grail that will
solve all the email problems. All schemes largely support "too big
to block". That is how consumerism works.
In the face of IPv6, address authorizations schemes become
increasingly problematic and disruptive. Email needs to learn from
social networks.
Social networks is where a lot of spam come from but we cannot call it that.
Have each develop their own authenticated "buddy" list as an overlay
to what individual users might adopt. Perhaps Apples example
explained in RFC6281, might provide a method
See web of trust.
compete with social networks, a light weight method to
authenticate outbound MTAs is needed, or eventually email will be
supplanted by various proprietary services. Many
From draft-ietf-marid-csv-csa-02:
"Internet operation has typically required no public mechanism for
announcing restriction or permission of particular hosts to operate
clients or servers for particular services on behalf of particular
domains. What is missing is an open, interoperable means by which a
trusted agency can announce authorization for a host to operate a
service."
Which trusted agency should it be?
Regards,
-sm