the proposals aren't even a workable solution to
the real problem (I've yet to see a proposal that works if the spammers start
utilizing zombie machines that snarf the already-stored credentials of the user
to send mail)....
It amazes me how many people are eager to declare defeat on the spam problem.
Regardless of anything else, having authenticated mail allows whitelisting. If credentials are compromised they're simply removed from the whitelist. This should work well for all non-huge whitelists.
There is also the possibility of blacklisting known bad credentials. Yes, spammers can steal credentials, but this is several orders of magnitude more difficult than just generating a random from address as can be done today. The question is whether spammers can obtain new credentials (stolen or otherwise) faster than others can blacklist them. For user-based credentials this could very well be the case (although I'm not conceding to that), but for MTA-based credentials it should be possible to rate limit the obtaining of a new identity such that spammers can no longer reach critical mass. (I.e., wait a week before you can use an MTA with a certain address, then spam an hour before you're blacklisted reduces the amount of spam that can be sent from an address by a factor 169.)
"The people who claim that something can't be done shouldn't get in the way of the people doing it."
_______________________________________________ Ietf@xxxxxxxx https://www1.ietf.org/mailman/listinfo/ietf