In response to the various threads on authenticated email...

Yes, there is a value to authentication, even weak authentication.

The vast majority of spam uses a forged origin address, according to our measurements and those of the FTC. By forged origin address I mean it was sent without any form of authorization by the domain owner. Call this what you like, but this is considered a serious problem by the ISPs and they are planning to take action to stop it. In particular there is no reason why hotmail should accept tens of millions of posts with forged headers purporting to come from Yahoo and vice versa.

Authentication is not weak, it is merely one part of the access control problem. You also require authorization. Everyone proposing AuthN schemes knows that.

Of course email is a longstanding infrastructure and members of the IETF tend to think that their use of the infrastructure is the one that matters. Before you get too worked up however, consider the following facts:

1) End users hate spam
2) ISPs are going to change the protocols to fix it
3) The side effects of existing spam filters and blacklists are terrible

In case you don't believe 3, take a look at the history of faction fights between the blacklists. Listing each other was popular sport for a while. Organizations such as move.on have been blacklisted as a result of campaigns by their opponents who would sign up for the list then report it as spam.

We see the same thing with checksum based schemes. One of the participants in the ASRG list reports as spam all email sent by other members he has attacked in the flame wars he keeps starting.

What we are talking about here is authentication as a means of bypassing spam filters. Nobody should simply reject email for not having an RMX or any other authentication mechanism. What will happen is that the spam filter will change the estimate of spam probability in response to the presence of valid RMX, the presence of invalid RMX and absence of RMX.

So if an email purports to be from hotmail.com we might have the following probabilities:

A) Comes from RMX IP address: 5% probability spam
B) Does not come from RMX IP address: 95% probability spam
C) RMX not available: 50% probability spam

In case A the probability is probably low enough to simply whitelist (note this is assuming that the spam filtering is stateful in the extreme and the probability for bozo.com with RMX might be 50%, exactly the same for no RMX).

Case B is not quite high enough to reject (5% false positive rate is unacceptable). But the threshold for rejection on content inspection would be much lower, we only need to be about 90% sure it is spam to reject at an acceptably low false positive rate, for case C we would have to be 99.5% sure it is not spam to reject with the same level of accuracy.

Of course you probably expect me to say something about digital certificates and PKI as well.

PGP is Pretty Good Privacy, the web of trust design becomes somewhat unwieldy when you try to deal with authentication. It becomes tractable if you change the model to a key centric PKI such as XKMS which is a standards based evolution of the PGP Key server model. Once you get to that stage however you have a PKI and the functional equivalent of CAs...

There are a couple of problems applying S/MIME/PGP and SSL cryptography to address the spam problem.

Message level enhancements such as S/MIME have been designed to work end-to-end. They have significant impact on the mail transport and they authenticate individual users rather than domains. This is good if you want to authenticate end users, but that is more granularity and hence expense than the spam problem requires.

SSL and STARTTLS allow encryption and authentication of the Internet hop of the mail process. This is a partial solution but fails in cases such as mail forwarding and in particular mailing lists. So some adjustment may well prove necessary there, although that is a detail.

The reason that digital certificates are going to be needed is that the mail sender wants to have confidence that their messages are going to get through.

People can construct schemes with PGP if they like, and many members of the IETF will have great fun using them, that is not a commercial threat I am going to spend much time worrying about. Before Moore's law another Moore gave his name to the Moore Bound, a lower bound on the diameter of a graph. Strong trust in large graphs requires nodes of high degree, in the PKIX world they are called CAs.

I don't see any problem with multiple CAs either. With SSL certificates some people think that any certificate that is recognised by the browser is OK. So there might be an advantage to going to a Bucket-shop CA whose authentication procedure is no more than checking that your credit card payment clears (yes they do exist).

With spam however the spam senders are going to start to try to acquire credentials to send spam. So zero-authentication CAs are going to be the first targets. Getting a certificate from a CA with strong authentication procedures is going to be much more costly - particularly if there is legislation and even more so if the credentials are considered disposable.

The comparison to think of is with business registration. There is little to stop a crook registering one crooked business. However it is very hard to register a hundred crooked businesses a day.

Another point to consider is that the identity certificate is only the start of the process. Other credentials can be layered on top of a certificate. For example a 'trusted sender' type credential might be layered over a digital certificate, possibly coming from an entirely different source. So you might have a CA saying 'I have authenticated Alice by process XYZ' and an auditor saying 'I have determined Alice is an unmitigated spammer'.

Phill
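
Added example, not part of the original post: a sketch of how a filter could fold the RMX result (cases A, B and C above) into a content-based spam score and why the content threshold differs per case. It assumes the two signals are independent (naive Bayes), that the content score is calibrated against an even prior, and a 99.5% rejection target; the `RMX` table, its address ranges and all function names are constructed for illustration.

```python
from ipaddress import ip_address, ip_network

# Constructed sample data: authorised sender ranges per domain, standing in
# for a published RMX record (documentation address space, not real records).
RMX = {"hotmail.com": [ip_network("192.0.2.0/24")]}

# Prior spam probabilities taken from cases A, B and C in the post.
PRIOR = {"valid": 0.05, "invalid": 0.95, "absent": 0.50}
TARGET = 0.995  # assumed posterior required before rejecting


def rmx_status(domain, sender_ip):
    """Classify the connecting IP against the domain's authorised ranges."""
    nets = RMX.get(domain)
    if nets is None:
        return "absent"
    ip = ip_address(sender_ip)
    return "valid" if any(ip in net for net in nets) else "invalid"


def odds(p):
    """Probability to odds, clamped so a score of 0 or 1 cannot divide by zero."""
    p = min(max(p, 1e-9), 1 - 1e-9)
    return p / (1 - p)


def posterior(prior, content_score):
    """Combine the RMX prior with the content score as independent evidence."""
    o = odds(prior) * odds(content_score)
    return o / (1 + o)


def required_content_score(prior, target=TARGET):
    """Content confidence needed for the combined estimate to reach target."""
    o = odds(target) / odds(prior)
    return o / (1 + o)


def decide(domain, sender_ip, content_score, target=TARGET):
    """Return (rmx status, combined spam probability, action)."""
    status = rmx_status(domain, sender_ip)
    p = posterior(PRIOR[status], content_score)
    return status, p, "reject" if p >= target else "accept"


if __name__ == "__main__":
    for case, prior in PRIOR.items():
        print(f"{case:8s} needs content score >= {required_content_score(prior):.4f}")
    print(decide("hotmail.com", "198.51.100.7", 0.92))
```

Under these assumptions an invalid RMX result needs a content score of roughly 0.91 to reject, a missing record needs 0.995, and a valid record needs more than 0.9997, which is effectively the whitelisting described for case A.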