There is no way you can get rid of the spam/scam problems when you want to enable users unknown to eachother to establish a communication. At least not unless you add a cost. Your own idea won't work as long as spammers can get hold of large bot nets where each host will only send 1000 mails.

Maybe the following will be what you call yet another attempt to fix e-mail. But, there are a few basic things that could and should be done:

* All users must authenticate to send e-mail to non-local destinations

* All servers must use TLS, both when accepting mail from clients or other servers

Ofcourse this won't solve all problems, as long as bot-networks are available for spammers.

But:

This means that the server can check that the senders address exist and is authenticated before accepting the mail for delivery.

Supporting TLS on all servers will mean that one can limit mail acceptance to servers with certificates signed by trusted CA's, much like the SPF.

Further, it will mean that you can send your e-mail protected against sniffing en-route.

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/columns/404/33660#33660