On 18/02/2012 8:44 p.m., Giovanni Panozzo wrote:
Il 18/02/2012 08:24, Adrien de Croy ha scritto:
We can't presume everyone has a full time internet connection.
100% agree. Store and forward is still required in some part of the
world. I developed XATRN (http://xatrn.panozzo.it), and there are
still very some (few, very few) users that use it with intermittent
Internet connection. Yes, I think that the future will be for
always-on connections, but there is no full world coverage of such
kind of Internet access.
They authenticate over sasl using some fancy
federated authentication protocol (project moonshot) before being
allowed
to post to my inbox.
Personally I'd be tempted to mandate use of X.509 (SSL) client certs and
TLS.
Maybe X509 can be one of the weapons against spam. But today spam
comes from a "stolen" webserver (injectet PHP script) or from "stolen"
PC (zombie PC, zombie network).
Spam NEVER comes from the sender itself. SPAM comes from a stolen
account :(
plenty of spam comes from the sender not stolen accounts. That's why
the spammers do things like register their own domains and SPF records.
Yes, better knowing the stolen account can help in fix the problem,
linke telling the user to run antivirus/reinstall OS, or the webmaster
to check its .PHP files. But I don't think that identifiyng the user
with X509 cert or some other federated authentication will help.
the server will have a cert. It can be seen as spamming, and its cert
can be revoked. That will cut it off.
Having to get another cert will provide an incentive for the admin to
care about it.
--
Adrien de Croy - WinGate Proxy Server - http://www.wingate.com
_______________________________________________
imap5 mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/imap5
