Bill Parducci commented:

> Noel J. Bergman wrote:
> > We could devise some other ad hoc server signed approach, or the IETF
> > could put out an RFC tomorrow, but then we are still stuck with your
> > "network effect" objection. S/MIME is the only technology for which there
> > is ready MUA support.
>
> right-o.
>
> ...and my point was that if we are going to do that [extend] we might as
> well look at extending SMTP [james] to include a 'call back' mechanism
> (relying upon dns to derive the MX info)

What good would that do? I can take your entire message, replace the contents with spam, and send it along. If we don't sign the contents, there is no way to validate that *you* wrote them. As the receiver, I would query the sender domain to make sure that it has a legitimate sender, but then all that we've done is (a) provided harvesters with a tool for verifying addresses, and (b) told the receiver that the address exists, not that it really sent the message.

Also, don't forget that the other thing we're slowly doing is banning direct connections from DHCP pools. Only the current on-ramp, or a private host, should provide mail service. You need to account for the fact that my e-mail address might be [EMAIL PROTECTED], but I might be using mail.lothlorien.net for SMTP service at the appropriate point on my journey. You need to allow that, while preventing the Nazgul at the Prancing Pony Cybercafe from using [EMAIL PROTECTED] to tell Glorfindel that we're delayed, and to just stay home for a few days.

Sure, spammers use bogus addresses, but more and more they are just using someone else's address. This past week, most of the spam I saw (and a lot of bounce messages) had addresses I recognized.

--- Noel
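
The distinction argued in the message above, as an added example that is not part of the original thread: a call-back only confirms that the sender address exists, while a signature over the contents fails when the body is replaced and still verifies when the author sends through a different relay. The addresses, the `X-Demo-Signature` header and the HMAC key are constructed assumptions; HMAC stands in for an S/MIME public-key signature so the sketch runs on the standard library alone.

```python
import hashlib
import hmac
from email.message import EmailMessage

# Constructed data: mailboxes each domain's MX would confirm in a call-back.
KNOWN_MAILBOXES = {"example.org": {"alice"}}
# Assumption: a shared HMAC key stands in for the sender's S/MIME signing key.
SENDER_KEY = b"constructed-demo-key"
SIG_HEADER = "X-Demo-Signature"  # hypothetical header, not an S/MIME structure


def callback_check(msg):
    """Model of the call-back: does the From address exist at its domain?"""
    local, _, domain = str(msg["From"]).partition("@")
    return local in KNOWN_MAILBOXES.get(domain, set())


def _digest(msg, key):
    # Cover author address and body so neither can be swapped unnoticed.
    data = f"{msg['From']}\n{msg.get_content()}".encode()
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def build(body, relay, key=None):
    msg = EmailMessage()
    msg["From"] = "alice@example.org"  # constructed address
    msg["Received"] = f"from {relay}"  # relay used for this submission
    msg.set_content(body)
    if key is not None:
        msg[SIG_HEADER] = _digest(msg, key)
    return msg


def signature_check(msg, key):
    sig = msg[SIG_HEADER]
    return sig is not None and hmac.compare_digest(str(sig), _digest(msg, key))


def evaluate(msg):
    return {"callback": callback_check(msg),
            "signature": signature_check(msg, SENDER_KEY)}


# Same author, two different relays (home server, then a relay while travelling).
original = build("Delayed a few days.", "mail.example.org", SENDER_KEY)
roaming = build("Delayed a few days.", "mail.lothlorien.net", SENDER_KEY)
# Headers and signature kept, contents replaced by someone else in transit.
altered = build("Replaced contents.", "relay.example.net")
altered[SIG_HEADER] = original[SIG_HEADER]

if __name__ == "__main__":
    for name, m in (("original", original), ("roaming", roaming), ("altered", altered)):
        print(name, evaluate(m))
```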