Stephen J. Wilcox wrote: So either this doesnt work because spammers don't actually use their own PCs to send email
Indeed; it doesn't do any good against spammers that control large numbers of zombie machines; they'll just distribute the processing load all over the place. And it would make life miserable for people that send large numbers of legitimate emails.
True.
Besides, the deployment is sketchy: before it can be activated, it needs to be deployed at the vast majority of servers that send legitimate mail, which means that in the interim one still has to accept emails that don't use the system, which in turn produces no incentive to deploy it in the first place.
False.
Michel.
While I think this scheme is a pretty bad idea, the argument above is just not correct. Obviously, until this scheme is widely-deployed, you have to accept email from sources that won't perform this validation, but that doesn't mean that there's no benefit to performing the validation or requesting it. If we assume 100% deployment of this scheme would be effective, then there are incentives to apply it yourself even if deployment is less than 100%. For example, one could filter sites that comply with this check less agressively than those that don't since since they're less likely to be spam. Similarly, as senders, we could get our mail subject to less stringent filters, which is presumably a benefit. Whenever we do the computation, we gain the benefit of being filtered less heavily. Any anti-spam scheme that provides benefits at 100% deployment also provides incremental benefit at less than 100% deployment. Recipients can filter compliant mail less agressively and thereby drop less legitimate mail. Senders can get less of their legitimate mail dropped on the floor by complying with the scheme where sites respect that compliance. DS