Yahoo! has proposed a standard, DomainKeys, similar to my own idea, for server to server validation of email senders’ addresses that provides a direct mechanism for killing spam.
DomainKeys would require email servers that verify incoming messages to maintain a list of well behaved domains.
I think that the standard should include (or an additional standard should specify) a mechanism to automatically build “chains of trust,” so that for example, if A trusts B, and B trusts C, then A trusts C, where a trusted domain has adequate processes to identify its email clients and revoke the privileges of those who spam. Any single domain would then only have to maintain a very short list of directly trusted domains. An ISP whose clients have there own domains could provide a link of trust to a client as part of its service.
posted @ 01:14 PM EDT