Dag Kihlman wrote: [snip]
This '100% verification you're offering is the same that we get today: we know what IP address is connecting to us.Since the sender never can be 100% verified in a push system I suggest a pull system where the sending server is always 100% verified. It is not authenticated, it is not certified, it is not blessed by the pope but if the mail body is not on that server the spammer is really really stupid.
We can do black/white/category lists by connecting IP with the current system. What are MAPS, SPEWS, ORBS, DSBL, DUL, etc?On top of this 100% verification of the sending server you can add blacklists, whitelists, classifications. Probably people will blacklist like mad but that is really up to the individual. ICQ is a system where the user can blacklist everyone else but the persons on the contactlist. This does not mean ICQ does not work. It works splendidly. People are able to communicate and maintain a blacklist at the same time. They can do it and they will do it better than automated servers.
Again, if you create blacklists of pull servers, spammers can still use them to look up vulnerable hosts, and those hosts are just as useful as they are now, because not many people actually use IP-based blacklists as blacklists.Sure you can have blacklists in push as well, but allowing spammers to push is really making them a service: they are able to hit and run leaving virtually no trace on the hacked machine. In my system I will see if spammers or viruses are using my credentials to send mail and I am able to stop them. If my ISP has not blocked the ports to a pull server on my machine some blacklists will discover that a lot of spam is comming from my ISP and block everything from the ISP. Sure this is causing damage but to quote Rambo: they made first blood! ;-)