Ultimately I believe the only real long-term solution will be something
based on the PGP web-of-trust (i.e. not just the model but the actual
existing keyserver infrastructure and existing authentication
mechanisms) but done at the MTA-to-MTA level such that postmasters can
measure the level of trust their mailers have of their connecting peers
and which will give them one very simple knob to ajust the level of
required trust. We already have the PGP keyserver infrastructure in
place and it already handles at least an order of magnitude more keys
than would be needed for all legitimate mailservers on the public
internet, and a small increase in keyserver transaction handling
capacity would be all that would be required (assuming all mail servers
used a local keyring to cache frequently used keys). Spammers who tried
to slip into the web of trust would quickly have their keys revoked and
all of them would be out of the direct-spam business in no time. That
would leave the spam-bots as the only viable spamming technology and
those are something every ISP will have to learn to deal with eventually
regardless.
- --
Greg A. Woods
+1 416 218-0098 VE3TCP RoboHack <woods@???>
Planix, Inc. <woods@???> Secrets of the Weird <woods@???>
