[Top] [All Lists]

Trusted agency (was: We need an IETF BCP for GREY LISTING)

2011-10-18 02:37:05

At 19:56 17-10-2011, Douglas Otis wrote:
Agreed as well. What is needed is a light weight method to avoid abusive sources with a glimmer of hope it might actually work. We defend our services dynamically from

Taking people off the web removes a source of abuse. Keep in mind that without these people, you won't be paid. :-)

Neither SPF nor DKIM properly defend domains. IP address authorization and signatures omitting senders and intended recipients against actually authenticating the accountable domain is what is lacking. These two schemes largely support white-listing domains considered "too big to block" and glaringly lack a practical means to defend smaller domains or at inhibiting spam. Email is in the ditch.

SPF and DKIM, like any other scheme, is not some holy grail that will solve all the email problems. All schemes largely support "too big to block". That is how consumerism works.

In the face of IPv6, address authorizations schemes become increasingly problematic and disruptive. Email needs to learn from social networks.

Social networks is where a lot of spam come from but we cannot call it that.

Have each develop their own authenticated "buddy" list as an overlay to what individual users might adopt. Perhaps Apples example explained in RFC6281, might provide a method

See web of trust.

compete with social networks, a light weight method to authenticate outbound MTAs is needed, or eventually email will be supplanted by various proprietary services. Many

From draft-ietf-marid-csv-csa-02:

  "Internet operation has typically required no public mechanism for
   announcing restriction or permission of particular hosts to operate
   clients or servers for particular services on behalf of particular
   domains.  What is missing is an open, interoperable means by which a
   trusted agency can announce authorization for a host to operate a

Which trusted agency should it be?