Fwd: [Asrg] A New Plan for No Spam / Velocity Indicator

Victor.Duchovni at morganstanley.com Victor.Duchovni at morganstanley.com
Mon Apr 28 16:22:39 EDT 2003 

On Sat, 26 Apr 2003, R. A. Hettinga wrote:

> From: "Hallam-Baker, Phillip" <pbaker at verisign.com>
> To: asrg at ietf.org
> Subject: [Asrg] A New Plan for No Spam / Velocity Indicator
>
> http://www.verisign.com/resources/wp/spam/no_spam.pdf

Seems rather naive to downright ignorant to me:

[QUOTE]
  1/3rd of the emails were not correctly addressed to the recipient.
  These messages could be excluded by simply enforcing the RFC822 message
  standard that requires every message to have a valid To: CC: or BCC:
  field identifying the recipient, making adjustment where necessary to
  account for messages relayed through mailing lists.
[END QUOTE]

Since when does the recipient get to see the contents of the BCC field?
Since when do the recipient and sender necessarily agree on the
recipient's email address?

> Each time a signature is created the velocity indicator is updated to
> reflect the current rate of signing (you could also have a count of the
> total signatures over the lifetime of the message). This could be the
> signatures in the past hour and the past day (say).
>
> When a recipient receives a message the velocity indicator and signature are
> checked. The probability that a message is spam is low if BOTH the signature
> binds to the specific delivery of the message to the user (i.e. has a valid
> to: field) and the velocity indicated is low.
>

This requires global replacement of all MUA software and hardware. This
fails to address BCC email (e.g. mailing lists). This fails to address
in-transit header rewriting. (The "To:" header is not suitable for
signing, the signed recipient would need a new header). The chances of a
a free system of this sort gaining any wide acceptance appear minimal to
me a royalty based system seems substantially less likely to take hold.

-- 
	Viktor.

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com

More information about the cryptography mailing list