SMTP AUTH is certainly part of the solution but I think this is largely for user->server communication and not as much for server<->server. If spam is security problem or not maybe a point of view, what spammers are trying to do certainly often involves security measures. But in reality I'm just looking for increased security in email communication alowing for users and servers to decided the kind of trust relationship they want to have for that particular communication with choices between several methods and ability to negotiate what would be used (like during PPP, it is negotiated what type of transmission it would be, although analogy is really very remote). In my option, currently use of email is reducing due to amount of unwanted email and due to the way protocol is setup that may not allow user to fully rely on it and to be absolutly certain it was not intercepted, it was delivered to correct recepient, etc. I think we can work to make protocol and the tools needed for user to be certain email is received, that extra unwanted email is likely be thrown out (or at least marked as less secure) and this will lead to wider use of email and to allow for email to replace some of the things conventional mail is still used for. On Tue, 20 Aug 2002, Dean Anderson wrote:
What would you do that SMTP AUTH didn't?
How would your proposal solve the issues that plagued SMTP AUTH?
What makes you think that spam is a security problem?
--Dean
On Tue, 20 Aug 2002 william@elan.net wrote:
This is copy of the message sent to IETF mail list. As subject said, I'd like to organize IETF working group to define new additions to SMTP.
---------------- As everyone I'm sure have seen on the last "why is spam a problem" and other similar threads on ietf as well as numerous similar threads on other lists and boards, there is a serious need to do something to limit amount of unsolicited email. While the roots maybe social issue I do not see why we can not work on it from technical point of view. In addition to that during last years, I'v seen real need for new features to be added into SMTP, such as ones for callback, delayed transmission, delivery notification,secure communications, etc, etc and there are in fact several drafts available on some issues. As far as anti-spam mechanisms I do not belive we should force some particular method on everyone but rather built several verification features into protocol and allow server operators to themselve choose if they want to use it. Where the features were use the email would be considered more secure and users can use that to sort out mail (as many do already with special filters).
I believe its time we start working within IETF on new version of SMTP that would have more features and be more secure. I'v tried to point this out several times before on nanog and ietf hoping that someone would take the initiave but as this did not happen, I'm willing to do it now. At this point I'm proposing creation of IETF working group that would look into ways to extend SMTP. I'v created website and mailing list to discuss charter of the proposed working group at http://www.smtpng.org
Those who agree with me, please subscribe to the mailing list and lets work on this futher in a kind-of BOF. I'm also looking for two co-chairs for the working group with at least one preferablly having been chair of ietf group before. I'm planning on sending final draft for working group charter in about two weeks time and right now I'm going to be contacting several people who have expressed interest in working on SMTP protocol as well as contacting IETF area director on proceeding with this.
-- William Leibzon william@elan.net