ietf-asrg
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Asrg] Spam Salt, an email sender authentication mechanism

2010-09-28 14:31:19
from [der Mouse] [Permanent Link] 
Wouldn't it help to introduce an universal mechanism that makes
forgery difficult, in order to make sender addresses in emails more
reliable?


Yes.

I don't think SpamSalt is it.  It assumes all receivers have direct
Internet connectivity.  It fails to address the elephant-in-the-room of
botnets.  As far as I can see it does not provide anything not already
provided by schemes like DKIM.  It is, or at least is likely to become,
encumbered.


As of today, I can't see anti-forgery mechanisms being used in most
emails I receive.


Well, I can't speak to your mail flow.  But I already have a perfectly
good anti-forgery mechanism available in the form of PGP (the line of
hex in my signature is my PGP key fingerprint) but I don't see enough
value in it to bother using it, even as low as the cost is.


I presume that each of the previously proposed flavours of signing
might have had properties that made them difficult to be deployed
universally.


So does yours.  It requires changes to all recipient mailservers and/or
user agents (to check the signatures), and all sender mailservers
and/or user agents (to generate the signatures), just for starters.


The key part of my proposal is to introcuce an authentication
mechanism, an anti-forgery mechanism, and I hope I came up with a
scheme that doesn't require immediate intrusive migration efforts,
but can grow over time.


Yes, in that you succeeded.  There's the quadratic adoption effect, but
that's inevitable, and you did indeed come up with something that has
no costs beyond those inherent in implementation for early adopters.

As for the whole patent issue, this is mostly an anti-spam list, so
I'll confine myself to noting that the OIN is defensive for nobody but
Linux, as far as I can tell, and lots of people have no interest in
having anything to do with Linux.  If I have to run Linux to be safe
from your patent (which as far as I can tell I would, and maybe even
that wouldn't be enough), I'll just not use it at all.

/~\ The ASCII                             Mouse
\ / Ribbon Campaign
 X  Against HTML                mouse(_at_)rodents-montreal(_dot_)org
/ \ Email!           7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B
_______________________________________________
Asrg mailing list
Asrg(_at_)irtf(_dot_)org
http://www.irtf.org/mailman/listinfo/asrg
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Asrg] Spam Salt, an email sender authentication mechanism, mathew
Next by Date:  Re: [Asrg] well known techniques, was Spam Salt, der Mouse
Previous by Thread:  Re: [Asrg] Spam Salt, an email sender authentication mechanism, mathew
Next by Thread:  Re: [Asrg] Spam Salt, an email sender authentication mechanism, Kai Engert
Indexes:  [Date] [Thread] [Top] [All Lists]