On dinsdag, jun 3, 2003, at 16:56 Europe/Amsterdam, Dave Aronson wrote:
Someone's "home MTA" sould be able to simply rate limit the number of messages an individual user gets to inject into the global email distribution system. Then all we need is a system to differentiate between trusted MTAs and rogue ones run by spammers.
Then we're back to Square One (okay, maybe Three) with blacklists and whitelists.
Obviously black/whitelisting the MTAs you know is a good start. The challenge is doing something useful when you first encounter a new MTA. This can be done by asking such an unknown MTA to present a certificate that is signed by one or more people or organizations you trust.
This will make getting a new bona fide MTA up and running more difficult than it is now, but not to an unreasonable degree, IMO. Spammers on the other hand, will be unable to grab an address and start spamming immediately: they'll have to trick someone into validating their MTA. I'm sure they'll succeed in this from time to time, but not all the time, or people will simply ignore the naive validator. This should work especially well if validation depends on some real-life info: having to get a new (street) address or drivers license to be able to do a spam run should have a nice discouraging effect.