Re: [Asrg] Some data on the validity of MAIL FROM addresses

["Alan DeKok" <aland@freeradius.org>]

Vernon Schryver <vjs@calcite.rhyolite.com> wrote:
> This issue seems like a minor nit until you notice how many proposed
> spam defenses are based on the assumption that most spam is forged,

  I've seen few defenses which make that assumption explicitely, or
even implicitely.

> so that spammers cannot receive DSNs and spammers are not authorized
> to use the sender addresses or SMTP clients they use.

  Which brings us back to the charter.  Here "authorized" == "consent".

  Q: How does the recipient of an email determine that the domain
     owner of the alleged "From:" consented to send that email?

>  For example, if 90% of spam is forged, then RMX, C/R, and
> authentication schemes could do a lot against spam (modulo their
> other problems).  If only 10% of spam is forged, then those schemes
> are limited to affecting that 10% fringe, albeit a very irritating
> fringe.

  These systems establish a consent framework for communication.  In
my opinion, explicite consent-based frameworks will be the only methods
by which the spam problem is solved.

  And until a better system is presented, it looks like attacking even
only 10% of the problem is the best option we have right now.

  Or do you have a better system you'd like to propose?  If so, I'm
all for dumping RMX, C/R, etc.

  Alan DeKok.
_______________________________________________
Asrg mailing list
Asrg@ietf.org
https://www1.ietf.org/mailman/listinfo/asrg