
RE: [Asrg] How to defeat spam that uses encryption?

2003-04-01 14:47:46
Basic idea:

  Bubba writes an email to Boffo.

  Bubba's MUA looks for a locally stored consent token from Boffo and
  fails to find one.  This is done at the MUA level as definitions are
  contextual, subjective, etc.

  Bubba's MUA emails Boffo for a consent token.  This could also happen
  via LDAP or SMTP extension ala VRFY or or or...  I use SMTP as the
  transport as it allows for disconnected operation (eg third world
  behind UUCP, dialup, etc).

    ObNote: Grammar and typing could be encoded into the consent token
    request to allow requesters to describe what type of mail they want
    to send to the stranger, thus allowing some forms of policy to be
    stated -- but that's a feature for Good Guys, not spammers.

  Boffo's MUA auto-replies with a token (which is really a dated source
  address).

Thus verifying the existence of the receiver...

  Bubba's MUA receives the token, stores the token for future use
  (policy encoded in the consent reply), and sends Bubba's mail
  appropriately.

  Boffo, on receiving a SPAM can revoke the token, all tokens for that
  sender, etc.

Boffo can sell the address to spammers, who will get a first provisional
token, have it revoked and then change their identity and get a new one.
Boffo can do that too.

  List servers, legit marketing groups and the like can auto-establish
  the token arrangement at subscribe time, and auto-renew as tokens
  expire.


Looks like you've just reimplemented DHCP but for mail? (Leases essentially)

Continuing to use network analogies... To send a packet, you have to make
your MAC address visible on the network. An acceptable policy. The receiver
does not need to expose himself past his local trusted switch to catch the
packet, but performs no action on the wire receive. If the packet makes it
there or not and is successfully processed by the receiver no one knows,
unless you use a higher level bi-directional protocol like TCP.

I see one possible future is analogous to TCP between consenting parties,
and UDP between non-consensual ones. Consenting parties tend not to mind
knowing each other (usually) and with non-consensual ones the receiver should
not have to be known to exist. Your scheme requires that.


_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
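
The lease-style consent token discussed in this message, as an added example that is not part of the original post or of any ASRG proposal. It assumes the "dated source address" is a plus-address carrying an expiry date and an HMAC tag bound to the sender; the class name, address format, key and 30-day lease are all hypothetical. The last case in demo() is the objection raised in the reply: revocation keyed on sender identity does not stop a sender who returns under a new identity.

```python
import hashlib
import hmac
from datetime import date, timedelta

class ConsentIssuer:
    """Receiver-side (Boffo) token logic. Hypothetical names; HMAC is an assumption."""
    def __init__(self, local, domain, key, lease_days=30):
        self.local, self.domain = local, domain
        self.key, self.lease_days = key, lease_days
        self.revoked = set()  # senders whose tokens were revoked

    def _mac(self, sender, expiry):
        # Bind the token to one sender and one expiry date.
        msg = f"{sender.lower()}|{expiry}".encode()
        return hmac.new(self.key, msg, hashlib.sha256).hexdigest()[:16]

    def issue(self, sender, today):
        # Auto-reply step: a dated source address valid for lease_days.
        expiry = (today + timedelta(days=self.lease_days)).strftime("%Y%m%d")
        return f"{self.local}+{expiry}.{self._mac(sender, expiry)}@{self.domain}"

    def revoke(self, sender):
        self.revoked.add(sender.lower())

    def check(self, sender, rcpt, today):
        # Return "ok" or the reason the recipient address is not accepted.
        local, _, domain = rcpt.rpartition("@")
        base, _, tag = local.partition("+")
        expiry, _, mac = tag.partition(".")
        if (base, domain) != (self.local, self.domain) or not (len(expiry) == 8 and expiry.isdigit()):
            return "no-token"
        if not hmac.compare_digest(mac.encode(), self._mac(sender, expiry).encode()):
            return "bad-token"
        if sender.lower() in self.revoked:
            return "revoked"
        if today.strftime("%Y%m%d") > expiry:
            return "expired"
        return "ok"

def demo():
    # Constructed sample: key, addresses and dates are made up for illustration.
    boffo, day = ConsentIssuer("boffo", "example.org", b"constructed-demo-key"), date(2003, 4, 1)
    addr = boffo.issue("bubba@example.net", day)
    out = [boffo.check("bubba@example.net", addr, day),           # consented sender
           boffo.check("other@example.net", addr, day),           # token reused by another sender
           boffo.check("bubba@example.net", addr, day + timedelta(days=31))]  # lease ran out
    boffo.revoke("bubba@example.net")
    out.append(boffo.check("bubba@example.net", addr, day))       # revoked after spam
    # A revoked sender under a new identity is simply issued a new token.
    out.append(boffo.check("bubba2@example.net", boffo.issue("bubba2@example.net", day), day))
    return out
```
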


