Claudio Telmon <claudio(_at_)telmon(_dot_)org> wrote:
While what you say is true in general, I think you missed a critical
part of the consent framework I'm proposing. A consent-enabled
address will only accept messages from senders that received a valid
token for that address though some channel (usually, not
email). That is, each sender will only have tokens for
consent-enabled addresses he received a token for, which is
comparable to the number of addresses he has in his address book. If
the sender's system is compromised, the attacker/spammer will only
collect tokens for these addresses.
What benefit does that offer over using tagged addresses (with the tag
as the "consent token")? I do that now, for commercial mailers; when
an address starts getting spammed, I turn it off. Sometimes, I give
the company that got it a new address to use.
Seth
_______________________________________________
Asrg mailing list
Asrg(_at_)irtf(_dot_)org
http://www.irtf.org/mailman/listinfo/asrg