In article <B9B24A4F-B0B0-484E-9039-0F68556DE014@delong.com> you write:
Or, for a more empirical way to look at it, there's reasonable correlation between having missing, generic or incorrect reverse DNS and the host being a source of unwanted or malicious email.
I’m not so sure about that.
It's a one way correlation. If the rDNS is busted, you can be pretty sure you don't want the mail. If the rDNS is OK, you need more clues.
Unfortunately, until we get widespread deployment of something better than IP reputation based systems, ...
You might take a look at how current spam filters work. Spamassassin is as good an example as any. It does dynamic weigthted scoring of a lot of factors, of which IP reputation is only one. I find that I can use conservatively run IP blacklists as a cheap prepass to avoid sending the mail to spamassassin at all, but there's a lot more than IP by the time the mail does or does not get delivered. DKIM is useful if have opinions about the reputations of the signing domains, not purely by whether there's a signature.
Perhaps this is simply the inherent cost of maintaining an open communications infrastructure with a low barrier to entry and the potential for anonymous communications which I believe has value to society and should be preserved. Perhaps someone smarter than I will some day develop a better solution.
It seems to be an axiom that any community large enough to be interesting is large enough to contain people who are malicious, so even requiring that people be identified won't help. R's, John