On 1 Sep 2006 15:50:01 -0000, John Levine <asrg(_at_)johnlevine(_dot_)com>
wrote:
>> Recognizing mail from known correspondents is a very thoroughly solved
>> problem.
>I agree, yet my system is designed to recognize mail from unknown
sources.
I don't see you proposing anything that S/MIME doesn't do better. If
you S/MIME sign all your mail, each message has the key that
recipients need to recognize future mail from you, and existing MUA
address books already support it.
I will illustrate by example. You receive an email from a stranger. As is
often the case the email is not authenticated by DKIM or Sender ID, it isn't
S/MIME signed, and it isn't using a sub-address. Your filter rates this
email as having an intermediate risk for being spam.
Under my system this email would be bounced back to the sender along with a
sub-address. The sender's MUA will likely be updated to resend this bounce,
but if it isn't then all is not lost as the sender has the opportunity to
manually resend the bounce. The stranger's email is now authenticated. I
don't think that S/MIME is able to reproduce these functions.
But the spam problem is not the same as the introduction problem. ...
>Again, updates by a minuscule number of MUAs effectively eliminates the
>introduction problem for this system. Discussion lists like this one
would
>never face the introduction problem if the administrator used one of the
>popular MUAs
Right, so if I am a spammer, I need only subscribe to high-traffic lists,
collect the subaddresses as they come by, and then blast away.
Life would be good if I knew that all of the spam I received was the result
of my belonging to a single discussion list. I might demand that the list
operator not publicly disclose any of my sub-addresses. There are many
other viable ways to address the continued harvesting of emails from a
single clearly identified source. The list operator may find his domain on
the suspicious list if he continually supplies spammers with sub-addresses.
Michael
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg