why "penny black" etc. are not very useful (could crypto stop spam??)

Victor.Duchovni at morganstanley.com Victor.Duchovni at morganstanley.com
Fri Jan 2 12:19:52 EST 2004

On Thu, 1 Jan 2004, Amir Herzberg wrote:

> IMHO, your conclusion is wrong: cryptographic authentication could be a
> critical tool to stop spam; someone in our community should do this (write
> the software) already... How? E-mail (at least from new correspondents)
> must be signed by an `anti-spam mail certification authority (ASMCA)` -
> often the ISP of the sender. Recipient's mail client (or server) will
> reject mail (from new correspondents) not certified by a trustworthy ASMCA.
> If the mail was not rejected but later identified (by end user) as spam,
> the recipient client/ISP will not only know not to trust the sender's
> ASMCA, they will also have `proof` that this ASMCA approved (signed) this
> spam, so they can inform other ASMCA's and mail client/servers.

This is impractical. No such infrastructure will exist. Trust management
on the scale your propose is not feasible or desirable. The key feature of
email and what makes it the Internet's "killer application" is that anyone
can send email to anyone else. No central authority is needed to vouch for
the sender or the content.

Again, we do not need to cripple email to stop spam. For my mailbox, of
the 1000 spam messages a month that get past the RBL, 925 are caught by
the spam filter. I am left with 2-3 spam messages a day, why again do we
need to cripple the most important application on the Internet?


The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com

More information about the cryptography mailing list