Email Hygiene

A blog over on TechRepublic talks a bit about one way to reduce spam: in short, a global white list of actual people, managed by some trustable central authority. This attacks the "untrusted sender" vulnerability in SMTP. It goes a bit farther than SPF or SenderID in that it vouches for an actual person, not just a domain.

Dooooooomed to failure. Email is global, and there simply isn't a central trustable authority of any kind. The blog post mentions the FCC, which might be good for US-based email, but certainly not good for trusting email out of China or Russia.

It wouldn't stop much in the way of spam. Such a central repository is its own version of a spammer's dream mailing list, and also represents a treasure-trove of email From: lines likely to be trusted. It would only work when used in conjunction with something like SPF or SenderID to ensure that the person who is "joe.bob@mywork.biz" only sends mail from the mywork.biz mail-servers. It also wouldn't stop "gray-mail" mail-blasts from vendors, as the Sales department folk would just put their own mail address on the From: line of their mass mailings in order to get them past the "Real person" filters.

Email hygiene is a hard problem. SMTP is the poster-protocol for protocols designed in a far more trusting time. Both the addresses on the To: line and From: line, as well as the addresses on the RCPT TO: and MAIL FROM: lines on the envelope, probably should be validated in some way, as should the IP address(es) of the servers involved in mail delivery. SMTP doesn't do this, and there is a very thriving industry to provide just this sort of thing.
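To make the last two points concrete, here is an added example (not from the original post or the TechRepublic blog) comparing a "real person" allowlist applied to the From: line alone against the same allowlist combined with envelope and sending-IP checks. The allowlist, the SPF-style record, the addresses and the IPs are constructed; the SPF evaluation is deliberately reduced to `ip4:` terms and does no DNS lookups.

```python
import ipaddress
from email import message_from_string
from email.utils import parseaddr

# Constructed sample data (assumptions, not from the post).
PERSON_ALLOWLIST = {"joe.bob@mywork.biz"}
SPF_RECORDS = {"mywork.biz": "v=spf1 ip4:192.0.2.0/28 ip4:198.51.100.25 -all"}
MSG = ("From: Joe Bob <joe.bob@mywork.biz>\n"
       "To: alice@example.org\n"
       "Subject: Q3 numbers\n\nSee attached.\n")

def spf_permits(domain, client_ip):
    """Simplified SPF: honour only ip4: terms; anything else is a fail."""
    record = SPF_RECORDS.get(domain.lower())
    if record is None:
        return False  # no policy stored, so nothing vouches for this IP
    ip = ipaddress.ip_address(client_ip)
    return any(term.startswith("ip4:")
               and ip in ipaddress.ip_network(term[4:], strict=False)
               for term in record.split()[1:])

def evaluate(client_ip, mail_from, raw_message):
    """Return (allowlist_only_verdict, combined_verdict, reason)."""
    header = message_from_string(raw_message).get("From", "")
    header_from = parseaddr(header)[1].lower()
    if header_from not in PERSON_ALLOWLIST:
        return (False, False, "From: not on allowlist")
    env_domain = mail_from.rpartition("@")[2].lower()
    if env_domain != header_from.rpartition("@")[2]:
        return (True, False, "MAIL FROM domain differs from From: domain")
    if not spf_permits(env_domain, client_ip):
        return (True, False, "client IP not authorized for domain")
    return (True, True, "ok")

if __name__ == "__main__":
    cases = [("192.0.2.5", "joe.bob@mywork.biz"),      # real mywork.biz server
             ("203.0.113.77", "joe.bob@mywork.biz"),   # forged from elsewhere
             ("203.0.113.77", "bounce@bulk.example")]  # From: reused by a third party
    for ip, env in cases:
        print(ip, env, evaluate(ip, env, MSG))
```

The first element of each result is what a From:-only "real person" filter would decide; it is True in all three cases, while only the message from an authorized mywork.biz server passes the combined check.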