[67588] in North American Network Operators' Group


Re: SMTP authentication for broadband providers

daemon@ATHENA.MIT.EDU (Rob Pickering)
Fri Feb 13 10:59:50 2004

Date: Fri, 13 Feb 2004 15:59:06 +0000
From: Rob Pickering <rob@pickering.org>
Reply-To: Rob Pickering <rob@pickering.org>
To: nanog@merit.edu
In-Reply-To: <200402131427.i1DERr4N019291@turing-police.cc.vt.edu>
Errors-To: owner-nanog-outgoing@merit.edu




--On 13 February 2004 09:27 -0500 Valdis.Kletnieks@vt.edu wrote:
>
> Yeeee-Haw!  A return to the Old West of bangpaths and pathalias.
>
> No thanks.

That's absolutely the issue with emerging resignation to "e-mail 
peering" and the like being the only solution to the spam problem.

Folks who've been around long enough to remember UUCP maps or 
ADMD=/PRMD= know how huge the cost and support overhead of 
unreliability per e-mail sent is relative to SMTP delivery.

Before we drop into that particular trap I'd like to think that one 
more attempt could be made at using PKI to do MTA identification.

Maybe I'm a dreamer, but a world in which I only accept mail from 
MTAs that present a certificate from a CA I trust seems way better 
than one where I need an offline contract with a necessarily few 
people, and the world has to work out how to reach me through them.

This won't stop spam at all levels, but neither will e-mail peering 
as it will still be possible to inject SPAM into a provider's network 
and therefore get it transited through their peering links. It's much 
easier to kill a black-hat or just careless MTA by locally 
blacklisting an individual public key, CN=, O=, or even C= if I'm 
minded to.

--
    Rob.
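
The local policy described in the message above, as an added example that is not part of the original post: accept only a peer whose chain validated against a locally trusted CA, then apply local blacklists on public key, CN=, O= and C=. It assumes the TLS layer has already done chain validation and that the caller supplies the DER-encoded public key; `LocalBlacklist`, `decide`, `subj` and all sample values are hypothetical and constructed.

```python
import hashlib
from dataclasses import dataclass, field

@dataclass
class LocalBlacklist:  # hypothetical local policy store
    key_sha256: set = field(default_factory=set)  # hex SHA-256 of the DER public key
    cn: set = field(default_factory=set)
    o: set = field(default_factory=set)
    c: set = field(default_factory=set)

def subject_attrs(peercert):
    """Flatten a getpeercert()-style subject into {attribute: [lower-cased values]}."""
    attrs = {}
    for rdn in peercert.get("subject", ()):   # an RDN may hold several pairs
        for name, value in rdn:
            attrs.setdefault(name, []).append(value.strip().lower())
    return attrs

def decide(peercert, spki_der, chain_verified, bl):
    """Return (accept, reason) for one inbound MTA connection."""
    if not chain_verified or not peercert:
        return False, "no certificate from a trusted CA"
    if hashlib.sha256(spki_der).hexdigest() in bl.key_sha256:
        return False, "public key blacklisted"
    attrs = subject_attrs(peercert)
    checks = (("commonName", bl.cn, "CN"),
              ("organizationName", bl.o, "O"),
              ("countryName", bl.c, "C"))
    for attr, denied, label in checks:
        hit = {d.strip().lower() for d in denied} & set(attrs.get(attr, ()))
        if hit:
            return False, f"{label}={sorted(hit)[0]} blacklisted"
    return True, "accepted"

# Constructed sample data, not taken from the original message.
def subj(c, o, cn):
    return {"subject": ((("countryName", c),), (("organizationName", o),),
                        (("commonName", cn),))}

GOOD = subj("GB", "Example Mail Ltd", "mx1.example.net")
CARELESS = subj("GB", "Careless Hosting", "relay.example.org")
GOOD_KEY, BAD_KEY = b"constructed-spki-A", b"constructed-spki-B"
POLICY = LocalBlacklist(key_sha256={hashlib.sha256(BAD_KEY).hexdigest()},
                        o={"Careless Hosting"})

if __name__ == "__main__":
    for cert, key in ((GOOD, GOOD_KEY), (GOOD, BAD_KEY), (CARELESS, GOOD_KEY)):
        print(decide(cert, key, True, POLICY))
```

The key check runs first, so a blacklisted key stays blocked even if its holder obtains a certificate under a different CN= or O=.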

