On Mon, 09 Feb 2004 13:49:53 -0800
Ed Gerck <egerck(_at_)nma(_dot_)com> wrote:
8. How about spammers using 100,000 slave PCs to share the burden?
[...]
Comments?
Ed,
I'm not sure I see the value in requiring encryption. To me this does
not seem to really fix anything.
On the one hand, this just forces spammers to begin collecting public
keys and email addresses as opposed to just addresses. With the former,
they probably end up with a much more reliable and stable form of contact
since people are not going to want to have throw-away keys, at least not
in the way PGP, for example, is currently used.
On the other hand, this just adds some, but not that much in my opinion
a processing burden for spammers to encrypt messages. Processing that
can currently be found in compromised hosts (today) or in faster CPUs
(tomorrow). I think the argument becomes slightly stronger if the delay
is an absolute value that can be enforced per TCP segment, connection
or whatever, but even that is not ideal.
Also note, there is an addition burden placed on end users who rely on
receiving encrypted email in your proposal. Under your scheme, a user
has to go through the trouble of decrypting the message just to see if
it is spam or not. This eliminates almost all forms of automated spam
mitigation except those related to the low-level SMTP, DNS or other new
authentication/authorization techniques.
John