ietf

Re: crypto-spam

2003-05-30 08:07:29
On Fri, 30 May 2003 09:14:51 EDT, Dave Aronson said:
> "Tony Hain" <alh-ietf(_at_)tndh(_dot_)net> wrote:
>
>  TH> Mail list servers would be a problem if we only use public
>  TH> key, so another part of the new system could be establishing
>  TH> a symmetric key as part of subscribing to a mail list.
>
> Or alternately, some kind of whitelisting, so that encryption is not
> necessary at all.

The problem is that to be effective, the whitelisting has to happen at
your mail server, not your MUA.  And although there's at least a *chance*
of your MUA twigging onto the fact that you sent a 'subscribe' request,
it's not clear that your provider's MTA can check and auto-whitelist your
subscriptions (especially since the 'subscribe' in general does *NOT*
give a hint of what MAIL FROM: to whitelist (especially if the list
is using VERPs or similar))....

And of course, "fill out this form on a webpage" subscriptions are a near-total
loss for automagic whitelisting - which means that the provider's phone WILL
ring.. ;)

It's not clear that you can expect users to hand-whitelist correctly either,
especially if the list doesn't give you an RFC2919-style hint of what to
whitelist (and see my comment about VERPs)....

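
The whitelisting problem discussed in this message, as an added example that is not part of the original post: an MTA-side matcher showing why the address a 'subscribe' was sent to, or one user's VERP envelope sender, does not whitelist the list, while a VERP-stripped base or an RFC 2919 List-Id does. The addresses, headers, the assumed `base+user=domain` VERP shape and all function names are constructed for illustration.

```python
import re
from email import message_from_string

# RFC 2919: "List-Id:" carries an optional phrase followed by <list-id>.
_LIST_ID = re.compile(r"<([^<>\s]+)>\s*$")
# Assumed VERP shape (one common style, not universal):
#   base+rcptlocal=rcptdomain@listhost
_VERP = re.compile(r"^(?P<base>.+?)[+-](?P<rcpt>[^+=@]+=[^=@]+)$")

def list_id(raw_headers):
    """Return the RFC 2919 list identifier, or None if the list gives no hint."""
    value = message_from_string(raw_headers).get("List-Id")
    if value is None:
        return None
    m = _LIST_ID.search(value.strip())
    return m.group(1).lower() if m else None

def verp_base(mail_from):
    """Strip the per-recipient VERP part from an envelope sender (heuristic)."""
    local, _, domain = mail_from.rpartition("@")
    m = _VERP.match(local)
    if m:
        local = m.group("base")
    return f"{local}@{domain}".lower()

def match(whitelist, mail_from, raw_headers):
    """Return the name of the whitelist rule that matched, or None."""
    if mail_from.lower() in whitelist["envelope"]:
        return "envelope"
    if verp_base(mail_from) in whitelist["verp_base"]:
        return "verp_base"
    # List-Id is sender-supplied: it names the list, it does not authenticate it.
    if list_id(raw_headers) in whitelist["list_id"]:
        return "list_id"
    return None

# Constructed sample data.
SUBSCRIBE_TO = "example-list-request@lists.example.net"
ALICE_FROM = "example-list-bounces+alice=example.org@lists.example.net"
BOB_FROM = "example-list-bounces+bob=example.org@lists.example.net"
HEADERS = "List-Id: Example List <example-list.lists.example.net>\nSubject: hi\n\n"
NO_HINT = "Subject: hi\n\n"

EMPTY = {"envelope": set(), "verp_base": set(), "list_id": set()}
NAIVE = {**EMPTY, "envelope": {SUBSCRIBE_TO}}    # guessed from the subscribe
LEARNED = {**EMPTY, "envelope": {ALICE_FROM}}    # copied from Alice's mail
BY_BASE = {**EMPTY, "verp_base": {"example-list-bounces@lists.example.net"}}
BY_LIST = {**EMPTY, "list_id": {"example-list.lists.example.net"}}
```
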