'E-postmark' gives stamp of approval

bear bear at sonic.net
Thu Nov 28 14:27:38 EST 2002 


On Wed, 27 Nov 2002, Trei, Peter wrote:

>The PO tried marketing this service about 6 years ago.
>As far as I can see, this is almost identical to the last try.
>
>It failed in the marketplace then, and I see no reason
>whatsoever to think it will suceed now.


Hmmm.  Spam wasn't as big a problem six years ago, either.  And
businesses weren't looking at email as an avenue for legal and
commercial communication six years ago, either.

I dislike microsoft, but if this service is available without them,
and available for use by free software makers (yes, I know the
postmarks will still cost money, but the software to get them from
USPS doesn't have to be as proprietary or restricted as microsoft is
undoubtedly making theirs) it could become very useful.  If it becomes
widespread, I might start discarding unread all email from parties
unknown to me that doesn't bear a postmark, in the same way that I now
discard unread all email from parties unknown to me that doesn't have
my email address on it or that comes from untraceable hosts.

And the reason of course would be no different than the reason I throw
away all paper mail from parties unknown to me that doesn't bear at
least first-class postage; If somebody I don't know didn't pay enough
to show he gives a shit about talking to *me*, as opposed to any
random pair of eyeballs, then he's a bulkmailer and not worth my time.

The vulnerability of SMTP is a known problem. SMTP traffic, by
default, is easy to subvert, easy to eavesdrop on, easy to forge, easy
to divert, and easy to obfuscate.  SMTP is a playground for spammers
and con artists, and sufficiently unreliable and subvertible that no
legally binding or important documents can be safely trusted to it.
Business really wants a reliable electronic communications medium for
legally binding content, and SMTP is a spectacular failure on that
front. We have needed a better standard email protocol for a long
time, but the only real entries in the race have been locked up by
licensing costs and interoperability issues and so we've been hanging
ugly bags on the side of SMTP without fixing its fundamental issues.
We need a better protocol, for authentication, message integrity,
privacy, portability, and lots of other reasons. This product failed
six years ago, but I think that the SMTP problem, both as an open
wound into which spammers have been rubbing salt and as an
impossibility for confidential or legal-process communication, hurts
worse now than it hurt six years ago.  It may catch this time.

Not that I consider the US Postal service, or Microsoft, as players
likely to make anything *less* capable of being eavesdropped on or
subverted.  But authenticated senders, verifiable message integrity,
and reliable return-receipts for authenticated readers would be a step
forward, and I can't get any of them reliably with SMTP.

Sigh.  Ideally, I'd prefer the idea of a bond rather than a toll.  If
I could get email through some channel that guaranteed someone would
lose $1 *if* I designated their email as spam, I'd open every last
letter I got through that channel because I'd be confident that no
bulkmailer would *EVER* use it. I don't actually want corresponding
with me to cost money, I just don't want to be a "free target" for
bulkmailers.


				Bear





---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com

More information about the cryptography mailing list