On Sun, Feb 22, 2004 at 11:39:33PM -0600, Richard Rauch wrote:
> An interesting thread.
> [...]
> Mail should be signed at the SMTP layer by the sending system.
> [central key issuer(s)]

I'm violently opposed to any kind of central authority controlling the
flow of email. It has been demonstrated that the customs of the 
internet have little binding on companies that feel the need to make
a quick buck (Verisign), and the idea of giving it to a government
doesn't bear thinking about. 

IMVFHO, SMTP is fundamentally broken: it obeys a false analogy between
snail mail and internet mail, namely that the message and envelope must
go together. If I ruled the world, this is how BMTP would would work...

Suppose Alice sends an email to Bob:

 * Alice's MUA hands it off to her ISP by some transport protocol. 
   (Could be anything, it wouldn't matter).
 * The ISP's MDA sends a notification message to the MDA for Bob's
   domain. (At this point you could use tarpitting/blackholing/reverse DNS 
   or anything else you feel like.) 
 * Bob would download all of his notification messages. Each 
   notification message has a unique tag that allows Alice's MDA to
   find the body of the message.
 * If Bob is sufficiently convinced by the header infomation (Sender,
   Subject etc.) he can use his MUA to retrieve the body. 

This scheme is better for several reasons:

 * It only transferrs message bodies on demand. This saves a bunch
   of bandwidth.
 * The effects of blackholing are immediate, both in terms of stopping
   the spam and holding the responsible ISP hostage (i.e., "None of
   your mail gets delivered until you throw this guy offline"). 
 * In order for people to see the spam, the spammer (or his ISP) has 
   to maintain a constant connection to the internet. This gives
   a chance for law enforcement to gather information.
 * <wild_ideas>It could be generalized to replace NNTP and traditional
   mailing lists. Notifications could be aggregated and delivered in
   bulk, either on schedule or by request. Such a system would save
   a group like NetBSD oodles of bandwidth.</wild_ideas>

Someone will object that this doesn't solve the spam problem entirely:
some spam will still get through. This is true, but it is true under
any open system, and I'm willing to accept that (reduced) amount of
noise, in lieu of central control.

So there...
-- 
Bruce J.A. Nourish <bjan@bjan.freeshell.org> http://bjan.freeshell.org
SDF Public Access UNIX System - http://sdf.lonestar.org