What I really mean to say is:
There should be two or more classes of mail.
First class mail should display green.
Second class mail should not get the green light.
Third class mail should be filed very near the spam folder.
All direct mail from one end user to another end user should be first
class mail. We can take advantage of the property that in the vast
majority of such cases, the 2821 should match the 2822, and the ISP will
have no problem publishing SPF.
eBay and Citibank want their mail to fall into the first-class bucket.
Legitimate senders in their class want to ensure that they can do
whatever it takes so that their mail goes into the first class bucket
and anybody who tries to forge their names goes into the third class
bucket.
Mailing lists, web generated email (greeting cards) and so on may have
to be second class mail simply because 2821 does not match 2822.
I think most people would be OK with that. In the mailing list world,
people kind of expect that anyway, with "Precedence: bulk". I think the
greeting card community would also understand that, by default, because
their 2821 does not match 2822, they become second class.
But there is a way for second class mail to become first class:
- senders have to publish SPF.
- senders have to receive a reputation or buy an accreditation.
That way even mailing list mail can become first class.
I think people will be willing to operate within that world.
Note that class doesn't mean it will get priority before the end-user's
eyeballs, it just means they will have different expectations about the
validity of the message.
On Mon, Apr 05, 2004 at 05:08:32PM -0400, Meng Weng Wong wrote:
|
| For purposes of fighting 2822 header spoofing / phishing /
| impersonation, receivers now get multiple levels of accountability in
| their email.
|
| I propose that MUAs add two user-visible widgets:
| - did SPF pass on 2821?
| - does 2821 match 2822?
|
| If SPF passes, display a little sign that says "SPF OK".
|
| If 2821 matches 2822, display a little sign that says "HEADER MATCH".
|
| The tests are independent.
|
| But if both things pass, light them both up in green. This is the gold
| standard.