On November 17, 2008 at 23:15 sethb(_at_)panix(_dot_)com (Seth) wrote:
Barry Shein <bzs(_at_)world(_dot_)std(_dot_)com> wrote:
But what are you saying, that it's impossible to generate a key
which, to a high degree of probability, can be verified as authentic
to some purpose?
Verified by whom, and why should they bother?
By the recipient, or maybe an upstream MTA. If I were a corporate site
and believed in the method I might toss bad email at the front lines.
Why bother? So you, or someone upstream from you, can reject mail
which doesn't have valid postage.
The Post Office verifies the stamps, because it sells them, and uses
them to ensure that you paid for its service.
Ok. And you've never looked at a letter which seemed to be personal,
not obviously junk, and then glanced at the postage and noticed it was
17c bulk rate or whatever and just tossed it? Or maybe turned it over,
companies which do that often put the return address on the back flap
so it looks like personal mail on the front? I do that all the time,
toss bulk rate junk mail w/o opening tho the other day I did find a $1
bill in one. Skinnerian intermittant reinforcement...the bastards!
But paper email is often more obviously junk, it usually screams junk,
glossy, pictures of starving little children or fancy wine bottle
openers, odd-sized, your name misspelled, mysterious phrases like
"Enjoy The Rewards of a Lifetime Right From Your Own Home!" whatever
*that* means, etc.
Email is more subtle. Knowing something about what the sender was
willing to pay to send it to you could be useful.
Like that this wouldn't fly because grandma wouldn't pay for it and
I pointed out (again) that in my scheme I wouldn't charge grandma,
only large bulk users, so that's a (dare I say it again) straw man.
I receive one message at a time. How do I know if it's from grandma
(so I don't need to look for a stamp), or a bulk sender?
Whitelisting?
I see a "stamp" as mostly a way to reject email for lack of
one. Beyond that you would use your usual methods.
What should be painfully obvious is that I've said about a dozen
times now that the goal here is to treat all bulk emailers alike in
an attempt to create an economic incentive.
I do _not_ want to treat all bulk emailers alike. When American
Express sends me email, I want to receive it. When Joe 419 sends me
email, I want not to receive it.
Well, and I say if this were adopted AMEX will put legitimate postage
on their email, Joe 419 won't. That's useful.
If I charge American Express, I'm not going to get the email I want
(or they'll charge me more, also undesirable).
If I charge Joe 419 but not grandma, he'll use grandma's infected
computer to send me email.
You're not the one doing the charging in the scheme I'm describing but
maybe you meant that generically, if ONE charges AMEX (any One)...
As to charges to Amex I doubt it'd be any more of any issue than Amex
having an SSL cert on their web site.
Does their paying for an SSL cert bug you?
As to grandma's infected computer we assume Joe 419 needs to send a
lot of email to be a problem, this sort of scheme puts some small
value on email which grandma can live with (e.g., 1,000 msgs/day free)
but Joe 419 cannot live with.
I'm just curious if anyone knows: Has Vista made *any* dent in the
zombie infection rate? Is it significantly harder to infect a Vista
system? It seems like all the "Are you sure?" pop-ups would at least
slow down the infected mail script stuff but I don't know if anyone
has an estimate yet, and I realize that day zero bugs keep popping up.
--
-Barry Shein
The World | bzs(_at_)TheWorld(_dot_)com |
http://www.TheWorld.com
Purveyors to the Trade | Voice: 800-THE-WRLD | Login: Nationwide
Software Tool & Die | Public Access Internet | SINCE 1989 *oo*
_______________________________________________
Asrg mailing list
Asrg(_at_)irtf(_dot_)org
https://www.irtf.org/mailman/listinfo/asrg