Re: IPv6 isn't SMTP

[Blake Hudson <blake () ispn net>]

Clay Fiske wrote the following on 3/27/2014 7:54 PM:
> On Mar 27, 2014, at 12:16 PM, Blake Hudson <blake () ispn net> wrote:
>
> > It's entirely likely that a spammer would try to get a hold of a key due to its value or that someone you've done business with would share 
> > keys with a "business" partner . But ideally you'd authorize each sender with a unique key (or some sort of pair/combination). So that 
> > 1) you can tell who the spammer sourced the key from and 2) you can revoke the compromised key's authorization to send you subsequent email 
> > messages.
> >
> > There's probably some way to generate authorization such that each sender gets a unique key or a generic base is in some way 
> > salted or combined with information from the individual you're giving your authorization to such that the result is both 
> > unique and identifiable.
> (Not to single you out, but this is a good entry point.)
>
> So somewhere between this and the “every user should have their own MTA” idea, something would need to be done to close 
> the end user usability gap.
>
> - “I just bought something from this boutique website, how do I (or my ISP) know how to let them email me my receipt?”
> - “My friend gave his buddy my email address to send a resume for that job opening I have. How do I permit him to send 
> me email?”
> - “This .gov entity needs to email me about my (taxes|health care|car registration|…), how do I give them permission?”
> - “My long lost high school friend found my email address somewhere (and isn’t using gmail, hotmail, yahoo, ….), how do 
> I keep her from getting blocked?”
>
> All of these end-user questions will have to be answered by any such technology which seeks to solve the spam problem 
> using a manner such as you describe here. And if you’re going to say the solution is “in addition to my email address, 
> in order to send me mail someone is going to have to know my (key|pass phrase|…)” then anything which currently 
> collects your email address is also going to need to collect “that”. Therefore how do you control “that” from getting 
> in the wrong hands in that list of emails someone is selling to spammers?
>
> Am I misunderstanding what’s being proposed here? To me the ubiquity of email is its own undoing — it’s so convenient 
> because you can email anybody, anywhere, from anywhere, but it’s so spammable because you can email anybody, anywhere, 
> from anywhere.
>
>
> -c
You're absolutely correct. These are the exact challenges and I'm sure 
they can be addressed, over time.