yahoo to use public key technology for anti-spam

Anton Stiglic astiglic at okiok.com
Mon Dec 8 13:15:34 EST 2003


----- Original Message ----- 
From: "Steven M. Bellovin" <smb at research.att.com>

> I use a variety of email addresses, for various reasons.  I have my 
> usual work account, some university accounts, a few personal accounts, 
> one I reserve for EBay use, etc.  I also use several different SMTP 
> servers to send my email.  I *always* have a secure tunnel set up; in 
> fact, Postfix on my laptop is hard-wired to send to port 20025 on 
> 127.0.0.1.  Of course, where that ends up will vary, but it's not in a 
> one-to-one correspondence with the sending address I use.  The Yahoo 
> scheme would apparently require that each email I send be routed via 
> the domain owner's SMTP server.  

So I`m guessing you have all your emails forwarded to one mail account
and fetch them all from there, and when you reply or send a new email
you just use one of your SMTP servers, which doesn't necessarily 
correspond to the incoming (POP or IMAP or whatever) server you
received the mail from.  
Is that correct?
In that case I guess it becomes problematic.
If you just receive your mail from one incoming server I don't see a
problem of having your mail be sent via the SMTP on same machine
where your incoming mail server resides. 

If the signature just certified that the mail was relayed via an SMTP
server where the user authenticated himself I think that would be a 
good idea (SMTP server that necessarily on the same machine than
the incoming mail server).  Than at least you would know that the 
email you received was send by someone who authenticated himself 
to some SMTP server, and not just someone that sent the email via 
an open relay.

If you want something better it seems that it requires the sender to 
have possession of his private signature key and sign the emails 
he sends, but that's not a user-friendly solution and I think we all
agree that it won't work in practice (not transparent enough...)

--Anton

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com



More information about the cryptography mailing list