Re: Lazy network operators

["Steven M. Bellovin" <smb () research att com>]

In message <p06020407bca227be1be3@[192.168.1.101]>, John Curran writes:
> The reality is that the vast majority of email is handed off to a designated
> mail relay (whether we're talking about consumer connections or office
> environments), and if we actually configured connectivity in this matter,
> there wouldn't be a problem.

John, the problem is deciding who is an *authorized* email sender.  For 
example, I own a machine in a random rack -- can it send email?  The 
way I operate, it sometimes needs to -- I often set up tunnels to it 
from my laptop and from other machines in "banned" address ranges, and 
let it send my email.  For that matter, it hosts several IETF and 
personal mailing lists.  

Now assume that someone in some strange and wondrous part of the world 
has a similar need.  Are they authorized?  According to whom?

There have been a lot of authentication-based and filter-based schemes 
proposed, but I've yet to see a scheme that solves the authorization 
problem satisfactorily.  Not everyone wants to (or is able to) entrust 
their email to a a Tier 1 ISP; if nothing else, the Tier 1s would 
charge for the privilege.

                --Steve Bellovin, http://www.research.att.com/~smb