On 8/21/2002 at 10:53:19 -0400, Ron da Silva said:
On Wed, Aug 21, 2002 at 10:00:02AM -0400, sjj@pobox.com wrote:
what are the more basic problems you're trying to fix?
I'd like to be able to publish DNS records announcing my domain's *outbound* mail servers, with nice abbreviated forms to say "they're the same as my inbound (MX) records" or "any IP in x.y.z/24". Then cooperative ISPs (like say America Online) could refuse any email from my domain that originated from some random cable modem, instead of accepting it and then flooding me with 20000 bounce messages.
What about this email from you which came to me from Merit and not your mail server? Would break mailing lists and listserves unless the from field is overwritten.
A user/server certification system would be nice, as long as the certificate issuers held the right balance between ease of getting a cert and security in proving the identity of the cert holder. That would take away the anonymous nature of SPAM, and make enforcement possible. If an authority consistently fails to respond to complaints, you don't accept mail certified from them. And a certificate train will get you mail from small folks (I trust ALGX's CA, ALGX trusts AOL's, therefore AOL will accept my mail until I screw up, and ALGX revokes my server cert and/or turns me in to the FBI, or fails to and AOL revokes their trust of ALGX.) The only down side is the politics involved. -Dave