I'd like to present you my anti-spam idea which I call Spam Salt.
The idea is to assign an additional secret key (salt) to each email
user account. The email sender uses the salt and the message
contents to calculate a hash value and adds that hash value as a new
email header. [...]
This is just a particular flavour of signing. Like most signing
schemes, it really does nothing to address spam; to the extent it
addresses anything, it addresses forgery. (This is not totally
unrelated to addressing spam, but it's very far from the same thing.)
To be at least somewhat fair, the webpage you name below does seem to
indicate you realize this at some level, though your wording ("the
problem that spammers might register a domain for the sole purpose to
send spam messages from email addresses at that domain") indicates you
are unaware of the current extent of the problem - there is no "might"
whatever about that scenario.
See also
http://www.rhyolite.com/anti-spam/you-might-be.html#irresistible-bandwagon
As soon as multiple email recipients report that a sender is sending
spam, the sender's salt gets changed,
See http://www.rhyolite.com/anti-spam/you-might-be.html#programmer-13
(the wording in the list doesn't quite apply, but I trust it's easy to
see how the same basic idea applies here).
http://kuix.de/spamsalt/
Further quotes are from there.
If we had established an environment where spammers are required to
provide the MX/MSALT infrastructure, required in order to get their
spam through to user's eyes, because messages without spam salt hash
values won't be looked at by most users, then, I believe, we would
have made a huge step forward.
Indeed we would.
I note you give no hint of how we are to get from here to there.
http://www.rhyolite.com/anti-spam/you-might-be.html#senior-IETF-member-5
It can be easily shown that a domain owner ignores spam reports. If
spam email messages still verify correctly, despite many users having
reported spam messages, then the domain owner doesn't follow the
rules of the Spam Salt infrastructure.
So what? Not following the rules mostly doesn't matter, or nobody
would still be listening to the likes of Google and Yahoo.
Maybe this behaviour might even be sufficient proof to justify to sue
a domain owner for sending lots of spam?
Good luck. Let us know when you get anyone shut down based on such a
suit. You might want to start with a ROKSO spammer; they are already
known, identifiable entities with a clear enough history of spamming to
stand out even among spammers. Until you find a way to use a legal
system to shut them down, I think anything that depends on a legal
system being a justice system is a non-starter.
You also might want to consider the issues involved in trying to sue,
for example, a Nigerian cybercafe, a Russian spam gang, and the botnet
herder behind whatever botnet dumped the latest spew from a compromised
end-user system in your mailbox. Under some legal systems you might be
able to get an absentee judgement. Let us know how well that works to
get the sender shut down.
Evidence can be easily collected by having some spam fighting
organization run multiple honeypot email boxes, have a human identify
a spam message, and send multiple spam reports for every message
having identical contents, received at each of the honeypot
mailboxes.
Easily? Paid for by whom? Or are you volunteering to do all this?
This invention has been submitted to the USPTO by my employer Red
Hat, Inc., a member of the Open Invention Network.
If anyone has to do _anything_ in order to use this idea legally, that
will be a substantial barrier to adoption.
I can understand defensive patenting in the USA. But, based on their
webpages, that's not what the OIN does. While I'm outside the USA and
thus don't care about the USPTO, if I were inside it, this would
totally kill any tendency I might have towards using this idea. If you
really want to advance the state of the art, start by granting
irrevocable, royalty-free, *sublicensable* licenses in perpetuity to a
few entities trusted by the culture - the IETF, Eric Raymond, and
Richard Stallman, to name the first three who come to mind. If you're
not willing to go that far, I for one consider your idea just another
proprietary (and thus unusable in general) scheme.
I also think your patent is dead if anyone bothers to fight it.
Digital signatures for mail (which this is just a particular flavour
of) have been widely used for decades; if your patent claims are narrow
enough that historical signature schemes don't form prior art, it is
probably trivial to do something functionally equivalent that doesn't
infringe.
/~\ The ASCII Mouse
\ / Ribbon Campaign
X Against HTML mouse(_at_)rodents-montreal(_dot_)org
/ \ Email! 7D C8 61 52 5D E7 2D 39 4E F1 31 3E E8 B3 27 4B
_______________________________________________
Asrg mailing list
Asrg(_at_)irtf(_dot_)org
http://www.irtf.org/mailman/listinfo/asrg