Ok, my last message on the subject on this list (at least for a while).
On dinsdag, jun 3, 2003, at 16:56 Europe/Amsterdam, Dave Aronson wrote:
Someone's "home MTA" sould be able to simply rate limit the number
of messages an individual user gets to inject into the global email
distribution system. Then all we need is a system to differentiate
between trusted MTAs and rogue ones run by spammers.
Then we're back to Square One (okay, maybe Three) with blacklists and
whitelists.
Obviously black/whitelisting the MTAs you know is a good start. The
challenge is doing something useful when you first encounter a new MTA.
This can be done by asking such an unknown MTA to present a certificate
that is signed by one or more people or organizations you trust.
This will make getting a new bona fide MTA up and running more
difficult than it is now, but not to an unreasonable degree, IMO.
Spammers on the other hand, will be unable to grab an address and start
spamming immediately: they'll have to trick someone into validating
their MTA. I'm sure they'll succeed in this from time to time, but not
all the time, or people will simply ignore the naive validator. This
should work especially well if validation depends on some real-life
info: having to get a new (street) address or drivers license to be
able to do a spam run should have a nice discouraging effect.