On Mon, 2004-05-24 at 22:58 -0400, Michael C. Neel wrote:
I read some of it, and I'm not sure what they are trying to do. Sounds like they would put alot of work on developers of smpt servers and clients, and all this would be wasted because spammers could just as easily make they needed changes too.
Well the thing is it is basically just setting a minimum service level for smtp, but it doesn't add anything which isn't already there (smtp-auth, ssl, etc). The main effort is on the server side.
A better idea IMHO? Have mail servers carry certs like secure http sites. Cert fails verification with third party? No mail from you then. Running a server that allowed forged info, and get caught? Cert revoked. Sure a spammer can still spam away, but it wouldn't be a forged source and you could contact the server admin, and if the complaite to the cert authority got to be numerous they would have trouble getting a renewal. Bonus? Encrypted transmission of emails would be possible =)
There's been talk of standards like this. I'm not sure it will be that effective in the long term. Its too easy for crackers to get hold of keys or even break them. I guess it w
...it's fun to dream anyway, we can't even get IPv6 inplace, lol.
Something will have to happen, spam is costing too much in time and resources. So something like a 'secured' internet email backbone will develop, although it will require someone like MS to do it, and to open the protocol enough for others to use it. Although their security record doesn't inspire confidence.
|
