R.A. Hettinga writes:
> Any e-mail authentication system, for example, would check that the block of Internet addresses assigned to an e-mail provider includes the specific numeric address of a sender of a piece of e-mail.
Huh? Somebody is confused here. DomainKeys is 1) an e-mail authentication system, and 2) it doesn't check IP addresses. Instead, it uses cryptographic signing using public/private keys which have the potential of being assigned down to the individual level.
> Still, panelists insisted authentication is a vital first step. After that, they said, could come a system that evaluates the "reputation" of senders, perhaps using a process that marks good e-mail with an electronic seal of approval.
Yes, this is true. John Gilmore is a pain in the ass for standing on his rights (some government types might say *fucking* pain in the ass), but he is correct. ALL of the effort spent to secure open relays was basically wasted effort, because spammers just moved on to insecure client machines. The proper route to control spam is to involve users in prioritizing their email, so that their friend's email comes first, followed by anybody they've sent mail to, followed by people they've gotten email from before, followed by mailing list mail, followed by email from strangers (which is where all the spam is). All of that relies on email authentication to work. Why the heck can't we just shortcut all this pain, and just listen to John in the first place? I vote to elect John to the post of Benevolent Dictator For Life.

-- 
--My blog is at angry-economist.russnelson.com  | Violence never solves
Crynwr sells support for free software  | PGPok | problems, it just changes
521 Pleasant Valley Rd. | +1 212-202-2318 voice | them into more subtle
Potsdam, NY 13676-3213  | FWD# 404529 via VOIP  | problems.