mail-ng

RE: Delete all and replace is practical

2004-01-31 17:51:58
At 01:27 PM 1/31/2004, Hallam-Baker, Phillip wrote:
The core problem of email as far as I am concerned is the interminable
forwarding problem.

There I will disagree. The present model in fact gets messages from where they are to where they need to go.

If I had to pick one thing (and there are others to pick, such as "wouldn't it be nice if we could just use unicode directly") as the fundamental issue, it would be that when I look at a message I have received,

 - I cannot determine who sent it to me even if it declares its source
 - I cannot tell who received it (who was BCC'd?)
and
 - when it is forwarded on, I cannot prove the assertion that what the
   forwarded text said is indeed what I said.
and as a result
 - a mail MTA/MUA has few strong hooks to hang a policy on

I use PGP as a way to give you that information on mail I send; you don't. So I presume that someone sent the email I am replying to and used your address to send it, but it might actually have been your admin, or for that matter anyone else.

IMHO, the big thing I would like to change in email is that I would like to be able to apply a policy to spam, bounce, and virus email. There are various ways to do that, and the ones that demonstrably work have some concept of a strong identity associated with them. Note that I did not say "eliminate all spam"; while that is laudable, I don't know that I can in fact do it, given that I can't legally define it. But if I could ensure that the person or Turing Machine sending an email was specifically the one identified as sending it (or was part of an appropriate larger whole), I could apply a policy. Maybe I want to accept email from verisign.com but not from spam.verisign.com, for example, or I want to accept mail from pbaker@verisign.com but not TomWhoSendsSpam@verisign.com.

When it comes to viruses, that gets far too amusing. I would like to somehow have the MUA only originate mail if the human originates it, perhaps via a program, but not if the program is operating beyond contact with its human. I have an idea that identity can help here, but I'm less sanguine than I might have been a little while ago.

I want an end-to-end identifiable sender. That is not an implication that I want a CA or a global PKI, although those are possible approaches to accomplishing it.

Attachment: pgpz0gw0VtQtT.pgp
Description: PGP signature
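
The policy idea in the message above, as an added example that is not part of the original message: an accept/reject decision keyed on a sender identity, applied only when that identity has been verified. The `verified` flag (standing in for whatever mechanism proves the identity, such as a signature check), the action names, the rule table and the function names are assumptions made for illustration; the addresses and domains are the ones used in the message.

```python
from dataclasses import dataclass

ACCEPT, REJECT, QUARANTINE = "accept", "reject", "quarantine"

# Constructed rule table mirroring the examples in the message.
# Keys are either a full address or a domain; values are actions.
POLICY = {
    "pbaker@verisign.com": ACCEPT,
    "tomwhosendsspam@verisign.com": REJECT,
    "spam.verisign.com": REJECT,
    "verisign.com": ACCEPT,
}


@dataclass(frozen=True)
class Sender:
    address: str    # identity the message declares
    verified: bool  # True only if that identity was proven (assumed done elsewhere)


def decide(sender, policy=POLICY, unverified=QUARANTINE, default=QUARANTINE):
    """Return the action for a sender; the most specific matching rule wins."""
    # A declared but unproven identity gives the policy nothing to hang on.
    if not sender.verified:
        return unverified

    address = sender.address.strip().lower()
    local, sep, domain = address.rpartition("@")
    if not sep or not local or not domain:
        return default

    # 1. Exact address rule (one individual inside an accepted domain).
    if address in policy:
        return policy[address]

    # 2. Domain rules, walking from the full domain up to its parents.
    #    Matching whole labels keeps "notverisign.com" from matching
    #    a rule written for "verisign.com".
    labels = domain.split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in policy:
            return policy[candidate]

    return default
```
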
