ietf-asrg
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[Asrg] Proxy your address (Was: Random thought)

2003-03-13 08:17:01
from [Jason Hihn] [Permanent Link] 
-----Original Message-----
From: asrg-admin(_at_)ietf(_dot_)org 
[mailto:asrg-admin(_at_)ietf(_dot_)org]On Behalf Of
Damien Morton
Sent: Wednesday, March 12, 2003 11:06 PM
To: 'Kee Hinckley'; 'ASRG'
Subject: RE: [Asrg] Random thought

...

Yeah - fundamentally, any spam solution has to be able to pass this
test:

Can I publish my email address anywhere and not expect to inundated with
spam.

Well then do this:
1) we'll leave a 'calling card' (that looks like an email address for
scripts that check for validity) when we use mail and BBS's
(ASED232(_at_)hotmail(_dot_)com) (It can be a current email address eventually, 
but
bare with me here...)

2) In order to send a message to me, I must approve you. This is done by
sending me your email address (and maybe a short message). I will then give
you an encoded address to use to send mail to me. The encoded address will
use an algorithm and values of my random choosing. The encoded address will
take into account your email address and my email address.

3) You can send to the encoded address where my server will apply the from:
address to the destination address, revealing your address (mailbox) for the
mail to be deposited in.

What we have here now is a way for one-to-one verification. It works well
for ICQ AIM and the rest of the services that are pretty much junk free (ICQ
screwed some stuff up early on, but I'd not mind spam email at the frequency
of ICQ junk - 3 a month and I have a 7 digit number.)

Your hashed ID can be sold, but we still have some accountability because
the From address must remain the same for the hash to hash to your mailbox.

Once verified the user can store the hashed address in their address book.
It was still easy to give out how to get in touch with me for business cards
and the like. (We can now illustratively change back from
ASED232(_at_)hotmail(_dot_)com to joe(_at_)hotmail(_dot_)com since you've 
followed me through the
example - I hope it didn't make it more complicated to follow)

If implemented today, we'd get flooded with spam requests for IDs. No one
would answer them unless a victim of social engineering. Spam would stop
after a flood of requests. The only spam to remain is resold hashes and
from: addresses which are filterable.

Comments?







_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  [Asrg] Whitelisting issues, Kee Hinckley
Next by Date:  [Asrg] Washington Post article on Spam, Jason Hihn
Previous by Thread:  Re: [Asrg] deautomation is the key?, Kee Hinckley
Next by Thread:  [Asrg] RE: Proxy your address (Was: Random thought), Damien Morton
Indexes:  [Date] [Thread] [Top] [All Lists]