From: Jason Hihn [mailto:jhihn(_at_)paytimepayroll(_dot_)com]
-----Original Message-----
From: asrg-admin(_at_)ietf(_dot_)org
[mailto:asrg-admin(_at_)ietf(_dot_)org]On Behalf Of
Damien Morton
...
Yeah - fundamentally, any spam solution has to be able to pass this
test:
Can I publish my email address anywhere and not expect to be inundated
with spam.
Well then do this:
1) we'll leave a 'calling card' (that looks like an email
address for scripts that check for validity) when we use mail
and BBS's
(ASED232(_at_)hotmail(_dot_)com) (It can be a current email address
eventually, but bear with me here...)
2) In order to send a message to me, I must approve you. This
is done by sending me your email address (and maybe a short
message). I will then give you an encoded address to use to
send mail to me. The encoded address will use an algorithm
and values of my random choosing. The encoded address will
take into account your email address and my email address.
Too much trouble for me. I want to publish my email address the same way
I can publish my phone number. I _want_ individual strangers to be able
to reach me without having to jump through hurdles. I'm lazy, and keeping
a whitelist is too much trouble for me, especially for my publicly
available email address. I don't want spam, however.
3) You can send to the encoded address where my server will
apply the from: address to the destination address, revealing
your address (mailbox) for the mail to be deposited in.
What we have here now is a way for one-to-one verification.
It works well for ICQ AIM and the rest of the services that
are pretty much junk free (ICQ screwed some stuff up early
on, but I'd not mind spam email at the frequency of ICQ junk
- 3 a month and I have a 7 digit number.)
Your hashed ID can be sold, but we still have some
accountability because the From address must remain the same
for the hash to hash to your mailbox.
Once verified the user can store the hashed address in their
address book. It was still easy to give out how to get in
touch with me for business cards and the like. (We can now
illustratively change back from ASED232(_at_)hotmail(_dot_)com to
joe(_at_)hotmail(_dot_)com since you've followed me through the example
- I hope it didn't make it more complicated to follow)
If implemented today, we'd get flooded with spam requests for
IDs. No one would answer them unless a victim of social
engineering. Spam would stop after a flood of requests. The
only spam to remain is resold hashes and
from: addresses which are filterable.
Comments?
Try explaining your system to my 70-year-old uncle who still keeps all of
his documents on his Mac OS desktop because folders are too complicated.
He'll just give up. It's too complicated for 99% of users of email.
Sender-pays, on the other hand, could be completely invisible to the
user, if implemented as a trading arrangement between ISPs. Think of it
like carbon-rights trading, but for email.
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
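
The per-sender encoded address from steps 2 and 3 of the quoted proposal, as an added sketch that is not part of the original thread. The proposal leaves the algorithm to the recipient's choosing; HMAC-SHA256, the key, the `example.org` domain and the function names here are all assumptions made for illustration.

```python
import base64
import hashlib
import hmac

SECRET = b"constructed-demo-key"   # assumption: the recipient server's private key
TAG_LEN = 5                        # assumption: 40-bit integrity tag

def _mac(label: bytes, *parts: bytes) -> bytes:
    return hmac.new(SECRET, label + b"\x00" + b"\x00".join(parts), hashlib.sha256).digest()

def _norm(addr: str) -> bytes:
    return addr.strip().lower().encode()

def issue_address(sender: str, mailbox: str, domain: str = "example.org") -> str:
    """Step 2: after approving `sender`, hand back an address bound to them."""
    box = mailbox.encode("ascii")
    if not 0 < len(box) <= 32:
        raise ValueError("mailbox must be 1..32 ASCII bytes")
    # Mask the mailbox name with a keystream derived from the sender's address.
    ct = bytes(a ^ b for a, b in zip(box, _mac(b"enc", _norm(sender))))
    tag = _mac(b"tag", _norm(sender), box)[:TAG_LEN]
    local = base64.b32encode(ct + tag).decode().rstrip("=").lower()
    return f"{local}@{domain}"

def resolve_mailbox(from_addr: str, rcpt: str):
    """Step 3: apply the From: address to the destination to reveal the mailbox."""
    local = rcpt.split("@", 1)[0].upper()
    try:
        raw = base64.b32decode(local + "=" * (-len(local) % 8))
    except ValueError:
        return None                # not one of our encoded addresses
    if not TAG_LEN < len(raw) <= 32 + TAG_LEN:
        return None
    ct, tag = raw[:-TAG_LEN], raw[-TAG_LEN:]
    box = bytes(a ^ b for a, b in zip(ct, _mac(b"enc", _norm(from_addr))))
    if not hmac.compare_digest(tag, _mac(b"tag", _norm(from_addr), box)[:TAG_LEN]):
        return None                # wrong sender, or a guessed address
    return box.decode("ascii")
```

As the quoted proposal notes, a resold address still resolves when paired with its original From: value, and plain SMTP does not authenticate that header.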