In article
<994e7a23-9e80-4751-6067-8863ad0ee72f(_at_)network-heretics(_dot_)com> you
write:
And since this would be entirely new practice, it would at least be
possible to require Organization Validation or Extended Validation
certificates as a condition of accepting mail, or more likely, as a
condition of not pessimizing mail... and/or set up email-specific CAs
for the purpose of authenticating SMTP clients.
It's still a WKBI. Whitelisting by source doesn't work at scale, and
for source scoring, I don't see any reason that a cert would tell you
anything more useful than an IP and a host name. It's not like we have
any trouble now telling when mail is coming from Google or Yahoo or
the university down the road.
R's,
John
_______________________________________________
ietf-smtp mailing list
ietf-smtp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf-smtp