ietf-asrg
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Asrg] My take on e-postage

2004-04-26 15:39:06
from [GertJan Hagenaars] [Permanent Link] 
Apparently, der Mouse wrote:
% >> It's a lot more than that that the stamp vendor needs to keep track
% >> of.  The first thing that comes to mind is that recipients need a
% >> way to check that a stamp hasn't already been used
% > Not necessary, if the stamp cryptographically includes both the
% > sender and recipient addresses.
% 
% Then the recipient needs a way to check the crypto signature - and even
% then, you have to figure out a way that stamps can't get reused with
% forged sender addresses.  (That is, X sends mail to Y, with a valid
% stamp <X,Y>.  Spammer gets hold of a copy (through any of many possible
% means) and sends mail with that stamp, to Y, forging X's address as the
% sender.)

Keep a cache of "seen stamps" for 10 days, refuse delivery of duplicate
stamps, and make sure that stamps expire after a week or so.

I do that now with message-IDs to remove duplicate messages to my inbox.

However, the real trick is that it becomes much harder to scale this
even if stamps are readily available.  Instead of just using a single
"to", now the spammer needs to keep track of both "from" and "to".  And
because of this, it becomes much easier to filter out specific spam.

E.g. if I intend to receive email from you, I would have a specific
filter that says that I will need to see a received line with
sparkle.rodents in it.  Or that I need to see the phrase "Ribbon
Campaign" in the body of the email.

Now we're getting into the area where it is no longer possible for a
spammer to break into this scheme without a lot more knowledge of how my
filters are set up.

<pre>
% /~\ The ASCII                         der Mouse
% \ / Ribbon Campaign
%  X  Against HTML             
mouse(_at_)rodents(_dot_)montreal(_dot_)qc(_dot_)ca
% / \ Email!         7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B
</pre>

CHeers,
GertJan.

-- 
+++++++++++++ -------- +++++ --- ++ - +0+ + ++ +++ +++++ ++++++++ +++++++++++++
sed '/^[when][coders]/!d         G.J.W. Hagenaars -- gj at hagenaars dot com
    /^...[discover].$/d          Remembering Mike Carty 1968-1994
   /^..[real].[code]$/!d         UltrixIrixAIXHPUXSunOSLinuxBSD, nothing but nix
' /usr/dict/words                I'm Dutch, what's _your_ excuse?

_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Asrg] Re: Asrg] My take on e-postage, Jonathan Morton
Next by Date:  Re: [Asrg] hashcash, was My take on e-postage, Jonathan Morton
Previous by Thread:  Re: [Asrg] My take on e-postage, Jonathan Morton
Next by Thread:  Re: [Asrg] My take on e-postage, Barry Shein
Indexes:  [Date] [Thread] [Top] [All Lists]