yahoo to use public key technology for anti-spam
Sidney Markowitz
sidney at sidney.com
Sun Dec 7 15:10:34 EST 2003
Carl Ellison wrote:

> So, in capsule: this proposal assumes that you use
> the same machine for outgoing and incoming e-mail.

No, it implies a service that your outgoing mail server makes available
that has you authenticate to it in some way and then signs your mail in
some way.

The article doesn't make clear exactly how it would work. The signature
might just certify that the mail really was sent through the mail server
that the headers claim was used. That would allow you to use any email
address that you want, such as your acm.org address, and the signature
certifies that you authenticated yourself with the SMTP server.

My ISP recently switched to using TLS SMTP/Auth for access to their SMTP
server from outside their network for their customers. It would be easy
and useful for them to stamp mail that I send to show that it really was
sent through their SMTP server and that they know who I am.

This might not be exactly the same as what Yahoo! is talking about: They
might be thinking only about mail with a yahoo.com From address being
sent through a yahoo.com server and being signed with a key associated
with the yahoo.com domain. But if the signature is taken to authenticate
the domain of the SMTP server in the initial Received header, then it is
possible to maintain lists of servers of ISPs who are trusted to
authenticate users of their SMTP servers and to have anti-spam policies,
and blacklists of servers that are spam sources. The From address would
be irrelevant.

-- sidney
---------------------------------------------------------------------
The Cryptography Mailing List
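Added example (not part of the original post, and not Yahoo!'s design): a sketch of the receiver-side policy described in the last paragraph of the message, where a stamp is verified against the key of the server named in the initial Received header and the From address plays no part. Assumptions: the `X-Server-Stamp` header name, the hostnames and the sample message are made up, the stamp covers only the server name and a single-part body, and the key is toy textbook RSA over two Mersenne primes so that the code runs on the standard library alone.

```python
import hashlib
from email import message_from_string

# Toy textbook RSA from two Mersenne primes: an assumption made so the example
# needs no third-party library. Not a secure key size or padding scheme.
P, Q, E = 2**127 - 1, 2**521 - 1, 65537
N, D = P * Q, pow(E, -1, (P - 1) * (Q - 1))  # D stays on the mail server
STAMP = "X-Server-Stamp"                     # hypothetical header name
TRUSTED = {"smtp.isp.example": N}            # servers trusted to authenticate users
BLACKLIST = {"relay.spam.example"}           # servers listed as spam sources
SAMPLE = (  # constructed message; each relay prepends, so the initial hop is last
    "Received: from smtp.isp.example by mx.rcpt.example; Sun, 7 Dec 2003 15:10:40 -0500\n"
    "Received: from [192.0.2.7] by smtp.isp.example with ESMTPA; Sun, 7 Dec 2003 15:10:34 -0500\n"
    "From: member@acm.org\nSubject: test\n\nHello\n"
)

def initial_server(msg):
    """Host named after 'by' in the initial (bottom-most) Received header."""
    received = msg.get_all("Received") or []
    words = received[-1].split() if received else []
    return words[words.index("by") + 1].lower() if "by" in words[:-1] else None

def digest(server, msg):
    # Binds the stamp to the server name and the body; From is left out on purpose.
    data = server.encode() + b"\n" + msg.get_payload().encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def stamp(raw, server):
    """Sending side: run by the server once the user has authenticated to it."""
    sig = pow(digest(server, message_from_string(raw)), D, N)
    return f"{STAMP}: {sig:x}\n" + raw

def classify(raw):
    """Receiving side: decide from the stamping server alone."""
    msg = message_from_string(raw)
    server = initial_server(msg)
    if server in BLACKLIST:
        return "reject"
    try:
        sig = int(msg.get(STAMP, ""), 16)
    except ValueError:
        return "unverified"          # no stamp, or not a hex number
    n = TRUSTED.get(server)
    if n is None or pow(sig, E, n) != digest(server, msg):
        return "unverified"          # unknown server or stamp does not verify
    return "accept"
```

Because the digest leaves the headers out, a stamped copy with a different From address is still accepted, while a changed body or a Received header naming another server is not.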