On Tue, 10 Sep 2002, Iljitsch van Beijnum wrote:
Or we throw out SMTP and adopt a mail protocol that requires the sender to provide some credentials that can't be faked. Then known spammers are easy to blacklist.
The "credentials that can't be faked" is a rather hard to implement concept. Simply because there's no way to impose a single authority on the entire world. The question is whom to trust to certify the sender's authenticity? I have correspondents in parts of the world where I'd be very reluctant to trust "proper" authorities. I'd be so very easy to silence anyone by _not_ issuing credentials. Besides, anonymous communication has its merits. So what's needed is zero-knowledge authentication and Web-of-trust model. And don't forget key revocation and detection of fake identity factories. Messy, messy, messy. --vadim