[Cryptography] Paid SMTP (FUSSP)
John Levine
johnl at iecc.com
Tue Feb 27 20:30:20 EST 2018
In article <CAAMy4URmBXHP1TfnOU3HAt4s96Q_Kd753yNtBE7hZNHvgA7G-w at mail.gmail.com> you write:
>I am using a web interface to a mail service. That service could
>cryptographically sign all my messages
>and put the signature in the message or a header to aid filters.
> Recipients and re-senders (list servers) can
>inspect that signature and decide.
It's been signing your mail for years. Here's one of the headers in your message:
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=niftyegg-com.20150623.gappssmtp.com;
s=20150623; h=mime-version:in-reply-to:references:from:date:message-id:subject:to
:cc; bh=elnnTefLiFiuY7kxvuFs/nU3PYN6heETTedSyDn0Rt8=;
b=lp9Ehmveisb1+BaEfVLi+7J/k7w8OInj+6Ok3qvZulGvx/zDvinv8PwVuLIbMMqApu
gH09M++iXXzcYKaI+QKFHQjaBAldgDSr3ULN5i6L/wXDIaJlXgKBFw5/gm0YvWKgv7pT
+Xlg2+NAhh+oU2EG4bd24VdCOwhIn9QQB9MRIanNhURa6JEQyQFWG8JypbevjRJbafLD
qFRHTFFTly/iq6p+NLJIG4oImuETfvS+TMFdETpHpYdb1tLynjsf5EyAT3Nxvhz3
>Introductions can be implied or co-signed by a list server.
Oops, we're into FUSSP territory here. Lots of people have had the
idea that we can divide senders into good ones and bad ones and only
accept mail from the good ones, thereby replacing the spam problem
with the introduction problem. It doesn't work. For one thing, the
introduction problem turns out to be really hard, for another, the
ability to send e-mail to a stranger is not a bug.
>SMTP authentication today is domain based... extending to add a post
>delivery hook for user@ could allow a finer grained
>management.
This might be a good time to think about S/MIME and PGP, both of which
offer per-mailbox signatures, and both of which have failed to gain
more than niche usage in 20 years despite being built into most MUAs.
R's,
John
More information about the cryptography
mailing list