> From: Paul Vixie <paul@xxxxxxx> > ... > > And everyone else needs to move from the generic reference to > > "consent" on to something that is more concrete, as well as being > > integrated into a full range of human uses for email. > > i'm pretty comfortable with www.dictionary.com's definition of "consent". That is the fatal flaw in the calls for technical mechanisms "communicating consent" to fix spam. Webster's definition of consent also applies to keeping solicitors from knocking on your door and bandits from mugging you on the streets. What keeps enough of them from lying about having your consent are the non-technical protocols of the justice system. No matter what additional token of consent that you require spammers to present to demonstrate that you have agreed to their mail, either spammers will be able to forge it or legitimate strangers won't be able to obtain it without contacting you or your agents and ceasing to be strangers. The usual response to that (and one which I think you've suggested) is to have a third party act as your agent. But that is exactly equivalent to the Microsoft/Verisign crypto authentication FUSSP. Whether SMTP is involved is irrelevant; the fatal flaw of such agencies applies to any messaging scheme. It is that unless a mail identity is practically unforgeable thanks to $10,000 costs or enforced legal penalties, spammers will sign up for new identities as each is executed for spamming. If an identity costs less than $50/year and there are no enforced laws against having as many identites as the recent spurt of "Zhang Jung" and "Media Dreamland" domain names, it will be impossible for your consent/identity/reputation agency to ensure that 1000 of the next 1,000,000 applications are really Al Ralsky in disguise. There are other problems with the "consent" or "identity" or "reputation agencies" that are often talked about. One is that giving Microsoft/AOL a franchise to levy a $0.001 toll on or append an ad to every message in the Internet is a Bad Thing unless you are stockholder. These problems have nothing to do with SMTP. You give aid and comfort to the spammers and parasites on the spam problem by suggesting that a replacement to SMTP might solve these non-technical problems with "communicating consent." You are implicitly supporting the worse than snake oil being flogged as spam solutions by big outfits. Vernon Schryver vjs@xxxxxxxxxxxx