Re: SMTP authentication for broadband providers

[Rob Pickering <rob () pickering org>]

--On 13 February 2004 09:27 -0500 Valdis.Kletnieks () vt edu wrote:
> Yeeee-Haw!  A return to the Old West of bangbaths and pathalias.
>
> No thanks.

That's absolutely the issue with emerging resignation to "e-mail 
peering" and the like being the only solution to the spam problem.

Folks who've been around long enough to remember UUCP maps or 
ADMD=/PRMD=  know how huge the cost and support overhead of 
unreliability per e-mail sent is relative to SMTP delivery.

Before we drop into that particular trap I'd like to think that one 
more attempt could be made at using PKI to do MTA identification.

Maybe I'm a dreamer, but a world in which I only accept mail from 
MTA's that present a certificate from a CA I trust seems way better 
than one where I need an offline contract with a necessarily few 
people, and the world has to work out how to reach me through them.

This won't stop spam at all levels, but neither will e-mail peering 
as it will still be possible to inject SPAM into a provider's network 
and therefore get it transited through their peering links. It's much 
easier to kill a black-hat or just careless MTA by locally 
blacklisting an individual public key, CN=, O=, or even C= if I'm 
minded to.

--
   Rob.