[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: [Asrg] SMTP over SSL
I find it hard to believe that if you told the administrators for
Hotmail, Yahoo, AOL, Earthlink, etc., that you had a way to decrease the
amount of e-mail arriving on their network by ~50%, they wouldn't soil
themselves with excitement?
At the JamSpam meeting there was a lot of interest from the
representatives of these companies in developing some form of open
authentication mechanism.
The problem here is that you can't just put those folk in a room and have
them talk about their business. That would be what lawyers call a
PROBLEM.
Additionally, I don't think I have the same view of liability that
everyone else does. The reason that I'm such a big advocate of a
certificate based system, similar to SSL, is that the certificates can be
revoked. Instead of asking networks to pay huge sums of money to other
people, why not charge them a very large amount of money to get their
certificate back (such as $10,000). Anyone who accidentally got the
certificate revoked could get it back, but it would cause them sufficient pain
to ensure that they correct their practices. Also, you make the cost of
spamming much higher... everyone who deals with spammers will charge
them at least as much money as required to get their certificate back once
it's revoked.
Eric
There are a lot of strategies that can be employed. Including having a
rating service rather than a revocation service. There is no reason for the CA
to have to run the rating service, it could be an independent entity. It does
not have to be black/white listing, it could be a 5 point scale of spamminess
coupled with a 'member since' indicator.
Phill