On Aug 21, 2007, at 4:59 PM, John C Klensin wrote:
I'm not convinced that is worth it --and strongly suspect it is not-- but, if Doug believes otherwise, I'm looking forward to seeing a proposal.
I hope to have a draft ready in the near future. When SMTP was developed, HTTP did not exist in its present state. HTTP over a clustered file system is now able to function as a separate message channel for even the largest provider. This separate channel can significantly lower the +90% levels of spam currently carried by SMTP, while also substantially moving the burdens toward the sender where it belongs.
Why change? When a sender is suspected of spamming, the receiving MTA could limit exchanges to Transfer By Reference instead of issuing an ultimately more expensive refusal or message acceptance. In the case of TBR, SMTP would be limited to just exchanging an HTTP message reference within the SMTP envelope. This separate HTTP channel provides both delivery confirmation, and ensures the validity of the reference.
Whether the message is accessed depends solely upon the reputation of the HTTP publisher. Any additional information could be abused and might require filtering. Filtering burdens the recipient, where bad actors enjoy a significant advantage. Not relying upon filtering, finding an identifier independent of the IP address, excluding "friendly" information, and reducing the burden on the recipient are the general guidelines.
As the message reaches the MDA, the MDA would have the option to proxy access via BURL, fetch the message and revert to a normal SMTP form, or convert the reference into a pseudo message compatible with MUAs where recipients decide whether a message is to be accessed. TBR does not prevent spam, however it significantly lowers the recipient's burden and provides a simple means for avoiding unwanted or spoofed messages. Details will follow in a draft.
-Doug _______________________________________________ Ietf@xxxxxxxx https://www1.ietf.org/mailman/listinfo/ietf