One major problem with detecting spam is that it is hard to separate bulk
mail from legitimate mail for unknown senders. Therefore, I suggest the
following two-part system:
1. Unauthenticated senders will be required to add a token to their mail
indicating some amount of computation performed, specific to the
message and recipient, for example - creating an n-bit hash collision
with the message.
Messages without this token are returned with an explanation to the
sender, and perhaps with a human-verification fallback (such as
detecting letters in an image).
2. When signing up to a legitimate bulk mailer (mailing list, website,
etc.) you either send a signed certificate with the bulk mailer's public
key permitting him to send you mail, or add his public key to your
whitelist. The same can be done for friends.
The MUA should know if the recipient is on a whitelist by some means.
Also, the MUA should know how much work needs to be done; this can be done
by modifying the email address to something like me(_at_)myhost(_dot_)com#10,
which means 10 bits of hashcash are required to send mail.
This method requires the following updates:
1. A user wishing to enjoy spamfree email must use a compatible MUA.
2. Bulk-mailers must upgrade their systems to send signed mails. This can
be overcome in the short term using From: whitelisting.
3. An email address should be allowed to have "#n" in the end. It's not
required in the transitional phase.
4. The MUA of legitimate unauthenticated senders should be configured to
generate the hashcash. In the transitional phase, other human-detection
methods will be used.
Alon
--
This message was sent by Alon Altman (alon(_at_)alon(_dot_)wox(_dot_)org)
ICQ:1366540
The RIGHT way to contact me is by e-mail. I am otherwise nonexistent :)
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
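
The token scheme proposed in the message above, as an added example that is not part of the original post: the sender's MUA reads the "#n" suffix, mints a token bound to the recipient and the message, and the receiver checks it with a single hash. The post does not specify a construction, so SHA-256, the `mailbox:hash:counter` stamp layout, the leading-zero-bits test (hashcash-style partial preimage, used here in place of the post's "n-bit hash collision") and the `MAX_BITS` cap are all assumptions.

```python
import hashlib
from itertools import count

MAX_BITS = 32  # assumed sanity cap so a bogus suffix cannot demand endless work

def parse_address(addr):
    """Split 'user@host#n' into (mailbox, required_bits); no suffix means 0."""
    mailbox, sep, bits = addr.rpartition("#")
    if not sep:
        return addr, 0
    if not (bits.isascii() and bits.isdigit()) or int(bits) > MAX_BITS:
        raise ValueError(f"bad work suffix: {bits!r}")
    return mailbox, int(bits)

def stamp_digest(mailbox, message, counter):
    """Hash binding the token to this recipient and this message body."""
    msg_hash = hashlib.sha256(message).hexdigest()
    stamp = f"{mailbox}:{msg_hash}:{counter}".encode()  # assumed stamp layout
    return hashlib.sha256(stamp).digest()

def leading_zero_bits(digest):
    """Count zero bits at the front of a digest."""
    return len(digest) * 8 - int.from_bytes(digest, "big").bit_length()

def mint(addr, message):
    """Sender side: brute-force the smallest counter meeting the bit target."""
    mailbox, bits = parse_address(addr)
    for counter in count():
        if leading_zero_bits(stamp_digest(mailbox, message, counter)) >= bits:
            return counter

def verify(addr, message, counter):
    """Receiver side: one hash, regardless of how long minting took."""
    mailbox, bits = parse_address(addr)
    return leading_zero_bits(stamp_digest(mailbox, message, counter)) >= bits

if __name__ == "__main__":
    addr = "me@myhost.com#10"              # constructed sample address
    body = b"Hello, first contact here."   # constructed sample message
    token = mint(addr, body)
    print("token:", token, "valid:", verify(addr, body, token))
    # The same counter is checked against a different digest for another
    # recipient, so a token cannot simply be replayed across a recipient list.
    print("other recipient:", verify("you@myhost.com#10", body, token))
```

Each extra bit in the suffix doubles the sender's expected work while the receiver's check stays at one hash.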