ietf

Re: authenticated email

2003-06-05 01:08:32
Franck writes:

> Someone unknown to me sends me an e-mail. I do not
> receive this e-mail yet, but an automatic reply asks
> the person to perform a task to authenticate themselves...
> Like replying to a specific address after reading
> the message (something like a simple Turing test to
> prove the person is human). The e-mail address of this person
> is then added to my whitelist, and I receive this person's
> e-mail as well as all subsequent e-mails....

All well and good in principle, but many of your correspondents will be
confused by the automatic reply, and many also will not consider it
worthwhile to perform the authentication task just to join your whitelist.
So you will lose legitimate e-mail in this way, just as you would with
an automated spam filter.

> Any person that wants to talk to me will follow
> the procedure ...

Any person who wants to talk to you badly enough will follow the procedure.
But other correspondents may find the task too time-consuming and troublesome
to carry out, and so will simply abandon their attempt to communicate
instead.  In some cases, these latter correspondents may have important
things to say.  So you risk the loss of important, legitimate e-mail.

> ... any spammer will not bother to follow the procedure
> because suddenly it costs him time therefore money ...

The problem is that it will cost ALL of your correspondents time and money.
Those who do not wish to spend extra time and money to talk to you will stop
communicating, even if they are not spammers.

Here again, the fundamental difficulty is that there is no way for a machine
to distinguish between spam and legitimate e-mail; any remedy applied to
spam will also reject legitimate e-mail, and any remedy that guarantees
passage of all legitimate e-mail will also allow spam to get through.  Only
individual human inspection of e-mail messages can separate spam and
legitimate e-mail with 100% accuracy.

> Now, what digital signing should bring: the power
> to sue because of the traceability.

Not if the signing party is out of legal reach.  Once again, the problem is
a human problem, in that there is no fundamental, machine-readable
difference between a spammer's signature and a legitimate correspondent's
signature, so just putting signatures on e-mail will not allow spam to be
automatically excluded, and requiring signatures will reject legitimate
correspondents just as readily as it deters spammers.
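
The challenge-response whitelist discussed in this message, sketched as an added example that is not part of the original post or of any particular product. The secret, the hold period, the class and function names, and the sample addresses are all assumptions constructed for illustration; the `expire` step makes visible the held mail that is never delivered because the sender did not answer the challenge.

```python
import hashlib
import hmac

SECRET = b"constructed-demo-key"   # assumption: per-recipient secret
HOLD_SECONDS = 7 * 24 * 3600       # assumption: held mail expires after a week


def challenge_token(sender: str) -> str:
    """Token placed in the reply address of the automatic challenge."""
    mac = hmac.new(SECRET, sender.lower().encode(), hashlib.sha256)
    return mac.hexdigest()[:16]


class ChallengeResponseFilter:
    def __init__(self):
        self.whitelist = set()
        self.held = {}   # sender -> list of (arrival_time, message)
        self.lost = []   # held mail that expired unanswered

    def receive(self, sender, message, now):
        """Deliver mail from whitelisted senders; hold and challenge the rest."""
        sender = sender.lower()
        if sender in self.whitelist:
            return ("deliver", message)
        self.held.setdefault(sender, []).append((now, message))
        return ("challenge", challenge_token(sender))

    def respond(self, sender, token):
        """Sender answered the challenge: whitelist and release held mail."""
        sender = sender.lower()
        expected = challenge_token(sender).encode()
        if not hmac.compare_digest(token.encode(), expected):
            return []
        self.whitelist.add(sender)
        return [msg for _, msg in self.held.pop(sender, [])]

    def expire(self, now):
        """Discard unanswered held mail; returns everything lost so far."""
        for sender in list(self.held):
            kept = []
            for arrived, msg in self.held[sender]:
                if now - arrived > HOLD_SECONDS:
                    self.lost.append(msg)
                else:
                    kept.append((arrived, msg))
            if kept:
                self.held[sender] = kept
            else:
                del self.held[sender]
        return self.lost
```
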
