E-Mail Authentication Will Not End Spam, Panelists Say
Russell Nelson
nelson at crynwr.com
Thu Nov 18 21:15:17 EST 2004
R.A. Hettinga writes:
> Any e-mail authentication system, for example, would check that the block
> of Internet addresses assigned to an e-mail provider includes the specific
> numeric address of a sender of a piece of e-mail.
Huh? Somebody is confused here. DomainKeys is 1) an e-mail
authentication system, and 2) it doesn't check IP addresses. Instead,
it uses cryptographic signing using public/private keys which have the
potential of being assigned down to the individual level.
> Still, panelists insisted authentication is a vital first step. After that,
> they said, could come a system that evaluates the "reputation" of senders,
> perhaps using a process that marks good e-mail with an electronic seal of
> approval.
Yes, this is true. John Gilmore is a pain in the ass for standing on
his rights (some government types might say *fucking* pain in the
ass), but he is correct. ALL of the effort spent to secure open
relays was basically wasted effort, because spammers just moved on to
insecure client machines. The proper route to control spam is to
involve users in prioritizing their email, so that their friend's
email comes first, followed by anybody they've sent mail to, followed
by people they've gotten email from before, followed by mailing list
mail, followed by email from strangers (which is where all the spam
is). All of that relies on email authentication to work.
Why the heck can't we just shortcut all this pain, and just listen to
John in the first place? I vote to elect John to the post of
Benevolent Dictator For Life.
--
--My blog is at angry-economist.russnelson.com | Violence never solves
Crynwr sells support for free software | PGPok | problems, it just changes
521 Pleasant Valley Rd. | +1 212-202-2318 voice | them into more subtle
Potsdam, NY 13676-3213 | FWD# 404529 via VOIP | problems.
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list