At 02:52 PM 2/26/05, Stuart D. Gathman wrote:
If someone is circulating paper documents purporting to be written by you
(e.g. purchase orders), and you have no public policy for authenticating such
documents (such as a signature on file), and I can't be sure it is
not important, of course I'll come to your house and knock on the door,
(or call you on the phone) and ask, "Is this really from you?". This is
inefficient for both of us, and eventually you'll get annoyed enough to provide
me with some form of authentication so I can quit bothering you with the
forgeries. I would hope you wouldn't fault me for my trouble in the matter.
If some virus or spammer begins forging a domain name I'm responsible for
and another system begins loading down my server with rejected DSN's, and I
start getting calls from my users asking what this message they got means,
I'll be annoyed all right. I doubt how I'd solve that problem is what you're
hoping happens and I suspect I'm not alone in that regard.
Your solution responds to one form of abuse with what I expect will be seen
by a lot of people as another form of abuse.