[ On Friday, September 24, 2004 at 19:11:45 (+0200), David wrote: ]
> Subject: Re: [exim] MARID, SPF, DomainKeys, SenderID ?
>
> i'm thinking about a similar system, where a smtp extension allows to
> pass a authorization token to the receiving mta that authorizes the
> sending mta (ip address) to send that email. If the receiving mta needs
> to forward that email to another (external) mta then it must request
> authorization to do that from an authorization server taken from the
> envelope sender's domain dns system, so it could use the new auth token
> with the next hop. Just starting to think about it, the major drawback
> is as always that needs critical mass to really work, and modification
> of mta software, but at the end any solution will need this, so why not
> think deeper about it ...
Well if you didn't try to complicate things right at the beginning then
you wouldn't run into such problems in the first place.
What I am proposing does not really require any modification to any MTA,
and it certainly does not require any critical mass to work well enough
to be used by those who might want to use it.
K.I.S.S.
> in fact, any improvment to smtp that could fight email forgery in a
> effective way needs to get critical mass, so it has nosense to discard
> any idea just for this reason.
Well public key crypto systems that build upon a web-of-trust idea, just
as PGP does, do not require critical mass to be effective. Indeed any
"open" system doesn't even require a significant "market" share to be
highly effective for its users.
> looks like a whitelist
that would be one way of doing it -- but since it's based on a web of
trust model it's many-to-many instead of one-to-one.
--
Greg A. Woods
+1 416 218-0098 VE3TCP RoboHack <woods@???>
Planix, Inc. <woods@???> Secrets of the Weird <woods@???>
