UE>> mail from [EMAIL PROTECTED] (for example), which is desirable. Right UE>> now it's technically possible for anybody to send mail from UE>> [EMAIL PROTECTED], although in some sense it's illegal. But spammers UE>> don't care much about laws.
I think the problem is not technical here - I can think of a few methods to implement sender verification with minimal adjustment to existing protocols and with introducing entirely new ones. The problem here is that until the significant part of the email-sending crowd does not use that method, whatever it be, you can not reliably filter your email based on this method. Meaning, corporate clients probably won't pay for implementing such a method - or would not pay enough for this feature to become necessary in every common software. Which means, common software won't have it or won't rely on it - back to square one. Now, there are two obvious ways out of this vicious circle: 1. Widespread world-wide conspiracy of sysadmins and programmers to implement and install the protocol. 2. Adoption of the protocol by some company like Microsoft or IBM that can make anything an industry standard. As they say, nobody ever got fired for buying IBM, and I'd add - for following IBM (or Microsoft) advice either. So if they say it's a good way to fight spam/viruses/etc - whatever "it" be "it" probably would get widespread acceptance - enough to catch momentum. And more importantly - enough to make those who didn't implement it yet somewhat uncomfortable - like when users ask administrator "why our clients complain that emails from our company come out as 'Unaunticated sender - probably spammer!' in Outlook - please fix it ASAP". Network effect is required for such things. UE>> OK, we can do without SSL certificates, but we can't do without UE>> domain names and DNS. Some things have to be centralized. But I UE>> agree that my proposed solution will have to deal with a lot of UE>> beurocracy. It is not easy to authenticate a person even in RL - identity theft and various scams are not unheard of, and it is much harder online when you can't see or touch a thing. However, most of the cases with email for the recipient it is enough to know that the sender of the email is authorized by the domain administrator to send it. At least, for detecting email forgery it would be enough - and mass-hosters of course would have to implement some internal mechanism to not allow users impersonate one another - but this would be outside of the email communication domain. -- [EMAIL PROTECTED] \/ There shall be counsels taken Stanislav Malyshev /\ Stronger than Morgul-spells phone +972-54-6524945 /\ JRRT LotR. whois:!SM8333 ================================================================= To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
