Guys,
With respect to verifying that the sender is really the sender, there are two basic means. One is a digital signature, the other is MAIL FROM AUTH=, which is part of SMTP AUTH. In something of an ironic coincidence, I just heard back from Bill Shannon regarding JavaMail support for MAIL FROM AUTH=, and will CC the mailing list on my response.
Yeah Noel, don't take this the wrong way, but I think cow's will fly before this approach. You've enumerated a string of unimplemented RFCs, libraries that don't support them, and have complex behavior that would be an inconvenience for non-adopters.
Here are some thoughts about what is needed for trusted email approach (whatever form you're talking) needs to obey to take off:
1. Does not create multi-part content
Developers and users alike would rather not deal with multipart content if they didn't have to. Not to mention CPUs and disk space.
2. Cannot rely on "network effect"
You cannot necessitate getting a critical mass of users before it becomes useful. It needs to be useful to someone from the beginning and/or extremely trivial to add (gets into 3)
3. Simple enough for a Perl developer to hack together Whatever approach should be easy enough for a Perl developer to mimic.
Probably others... those are just some I've seen from looking at what email add-ons have taken off. Here are some attempts with theories on why they failed:
Message integrity is great, until you have to send an email from a company that attaches a disclaimer or you send to a mailing list that adds an advertisement or sign-off instructions.
Client certs are great until you realize you need to support a person read/sending email from webmail as well as their desktop.
Server call-backs would be great until you see how many servers would have to agree to this approach for it to be worth anything.
Anyway, I have no idea who or how this is going to get figured out... hopefully as the VC market starts spending on IT again, a bunch of new untested ideas will get tested and we may get something that sticks for a change. Spam and identity theft can probably scare a lot more money out of a VCs wallets these days...
-- Serge Knystautas President Lokitech >>> software . strategy . design >> http://www.lokitech.com p. 301.656.5501 e. [EMAIL PROTECTED]
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
