On Mon, Aug 22, 2022 at 12:17:52PM -0400, Phil Stracchino wrote:
> A lot of the problems in spam filtering is that the protocols we use for
> email delivery were fundamentally designed in insecure, unauthenticated
> ways, because they were created in a different, friendlier, arguably
> more naïve world in which nobody imagined that anyone would abuse email
> on a large scale.
No, lack of authentication is not really the problem. The "problem" is
a key design requirement, sending email is ubiquitous and
*permissionless*. Anyone (authentication would not change this) can
attempt to send anyone email, and this is what makes email useful.
The bad actors have an infinite potential supply of credentials, much
of my spam is 419 scams via gmail.com and outlook.com, from
authenticated users.
Authentication can help identify (for whitelisting) long-standing good
actors, but it can't root out bad actors. But with a *permissionless*
system, you can't limit communication to just the good actors.
--
Viktor.
