Re: spam

2003-05-29 16:02:35
I've been lurking all this time, and was about to give up completely on
this thread, but then I got sucked into the reality distortion field,
drank the kool-aid, and, well....

One problem with attaching the "secret" string to an email address is
how that is done at the sender's side.  I can see email clients
automating the process, which is fine, until a virus comes along and
starts popping off random emails.

Plus, how would CC: and vast To: lists hide the secret string?

Clint (JOATMON) Chaplin

"Anthony Atkielski" <anthony(_at_)atkielski(_dot_)com> 5/28/03 21:20:47 >>>
Tony writes:

Which is precisely the goal. It is not so extreme
as to make routine mail unusable, but extreme enough
to make random bulk mail not worth the cost.

Point taken, although I think conventional encryption would probably be
a better choice for this purpose.

I think, though, that a more effective method would be to find
something that one can require on each message and that is not
trivially easy for a computer to do automatically.

For example, the various administrations passing through the White
House have long had a policy of establishing a "secret number" or
similar text that must be placed on any incoming letter that is to be
forwarded directly to the President or his family with minimal
screening.  The President and family then give this number to a select
few people.  Any correspondence without the number goes through all the
usual screening.

This works because the number is an out-of-band datum that the average
sender is not likely to have.  It is communicated from human being to
human being, and isn't to be found anywhere in public.  So it cannot be
automatically added by a machine, nor can unauthorized people add it.

A simple e-mail implementation of this would be to place a random
string in the subject line of a message intended for a specific
recipient that serves the same purpose as this "secret number."  The
string would be different for each recipient, and the only way to
obtain it would be through some out-of-band process (such as contacting
the recipient by phone, or something).  Since there would be no record
of this anywhere that spammers could harvest, it would be impossible
for spammers to include these numbers on outgoing mail.  Very simple,
and very effective.  It would, however, be nice to have e-mail clients
that automated this, by allowing for a secret number field in address
books that would make it possible to insert them automatically on
outgoing mail (most clients already provide a way to filter for such
numbers on incoming mail).

Digital signatures and similar authentication would work but are
overkill.  All you need is some bit of information that spammers cannot
harvest, and the above random string fits that purpose.  Spammers might
pick up your address on a newsgroup or Web site, but they'd have no way
of discovering your secret number.

That simply provides message integrity ...

Hash it and sign it with the public key of the recipient.  That would
work, because spammers would not have the public key, whereas
legitimate senders would.

However, I think the secret-number concept described above would be
much similar and would be just as effective.
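
The per-recipient subject-line string proposed in the quoted message, and the To:/Cc: question raised in the reply, worked through as an added Python example that is not part of the thread. The addresses, secret strings and the bracketed `[xxxxxx]` Subject convention are assumptions made for illustration.

```python
import hmac
import re
from email import message_from_string
from email.utils import getaddresses

# Constructed secrets, one per recipient, assumed to be handed out out-of-band.
SECRETS = {"alice@example.org": "k7Qm2x", "bob@example.org": "Zp94Lt"}
# Assumed convention: the string travels in the Subject as [xxxxxx].
TOKEN_RE = re.compile(r"\[([A-Za-z0-9]{6})\]")

def subject_tokens(msg):
    return TOKEN_RE.findall(msg.get("Subject", ""))

def route(raw, recipient):
    """Recipient-side filter: 'inbox' if the Subject carries this
    recipient's secret string, otherwise 'screen' (normal screening)."""
    secret = SECRETS[recipient].encode()
    tokens = subject_tokens(message_from_string(raw))
    ok = any(hmac.compare_digest(t.encode(), secret) for t in tokens)
    return "inbox" if ok else "screen"

def exposed_to(raw, recipient):
    """Other addressees whose secret this recipient can read in the
    shared Subject line of a To:/Cc: message."""
    msg = message_from_string(raw)
    fields = msg.get_all("To", []) + msg.get_all("Cc", [])
    others = {addr.lower() for _, addr in getaddresses(fields)} - {recipient}
    tokens = subject_tokens(msg)
    return sorted(a for a in others if SECRETS.get(a) in tokens)

# Constructed sample messages.
HEAD = "From: carol@example.net\nTo: alice@example.org\n"
ONE = HEAD + "Subject: lunch [k7Qm2x]\n\nhi\n"
CC_ONE = HEAD + "Cc: bob@example.org\nSubject: lunch [k7Qm2x]\n\nhi\n"
CC_BOTH = HEAD + "Cc: bob@example.org\nSubject: lunch [k7Qm2x] [Zp94Lt]\n\nhi\n"
SPAM = "From: x@bulk.example\nTo: alice@example.org\nSubject: offer\n\n...\n"

if __name__ == "__main__":
    for name, raw in [("ONE", ONE), ("CC_ONE", CC_ONE), ("CC_BOTH", CC_BOTH)]:
        for rcpt in SECRETS:
            print(name, rcpt, route(raw, rcpt), exposed_to(raw, rcpt))
```

With one Subject shared by every addressee, a copied recipient either gets screened (only the To: recipient's string is present) or every addressee reads the others' strings.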


