The MIT 2004 Spam Conference
Posted Jan 22, 2004 15:02 UTC (Thu) by farnz (subscriber, #17727)
Parent article: The MIT 2004 Spam Conference
I noticed very few people discussing the possible gains from using OpenPGP as a way to limit e-mail spam.
Simply put, signing messages with a valid signature is non-trivial;
forging a signature is even harder. At this point, any unsigned mail is
suspicious; any mail that's signed by someone I trust (because I trust
the signer) or encrypted to me (which is an operation per recipient) is
definitely not spam. Any mail signed by one of the listed keys is
definitely spam. Any mail whose signature is from an unrecognised key is
suspicious.
It doesn't take much to distribute a list of keys known to have been
used by spammers, since keys are small (typically a few kilobits), and
can fit into a DNS-based RBL. The only way round it is to somehow obtain
a trusted key (which is likely to be hard, since a key is only trusted if
I have said I trust it, or enough people whose keys I trust highly have
said it's trusted), or to encrypt messages to the recipient, which is an
operation per recipient, and drives up the cost of spam considerably.
Of course, this system has a major problem (probably insurmountable,
as with most of these technical/social problems): how do we get all users
to use OpenPGP?
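The triage rules proposed in the comment above, written out as an added example that is not part of the original comment. The zone name `keybl.example.org`, the message fields, the `is_listed` resolver stub, checking the blocklist before the trust set, and treating an invalid signature like no signature are all assumptions made for illustration.

```python
from enum import Enum

BLOCKLIST_ZONE = "keybl.example.org"  # hypothetical DNSBL zone (assumption)

class Verdict(Enum):
    HAM = "not spam"
    SPAM = "spam"
    SUSPICIOUS = "suspicious"

def normalize_fpr(fpr):
    """Canonical fingerprint: lowercase hex without spaces, short enough for one DNS label."""
    fpr = "".join(fpr.split()).lower()
    if not fpr or len(fpr) > 63 or set(fpr) - set("0123456789abcdef"):
        raise ValueError("not a hex key fingerprint that fits one DNS label")
    return fpr

def blocklist_qname(fpr, zone=BLOCKLIST_ZONE):
    """DNS name to query, RBL style: <fingerprint>.<zone>."""
    return f"{normalize_fpr(fpr)}.{zone}"

def classify(msg, trusted, is_listed):
    """Apply the comment's rules to one message.

    msg: dict with 'sig_valid', 'signer_fpr' and 'encrypted_to_me' (assumed fields,
         filled in by whatever verified the OpenPGP signature).
    trusted: set of normalized fingerprints the recipient trusts.
    is_listed: callable(qname) -> bool; a real one would do the DNS lookup.
    """
    fpr = msg.get("signer_fpr")
    if fpr and msg.get("sig_valid"):
        fpr = normalize_fpr(fpr)
        if is_listed(blocklist_qname(fpr)):   # key known to be used by spammers
            return Verdict.SPAM
        if fpr in trusted:                    # signed by someone the recipient trusts
            return Verdict.HAM
    if msg.get("encrypted_to_me"):            # one encryption operation per recipient
        return Verdict.HAM
    return Verdict.SUSPICIOUS                 # unsigned, bad signature or unrecognised key

# Constructed sample data: fingerprints and blocklist contents are made up.
FRIEND, SPAMMER, STRANGER = "a" * 40, "b" * 40, "c" * 40
TRUSTED = {FRIEND}
LISTED = {blocklist_qname(SPAMMER)}

def demo():
    msgs = [
        {"sig_valid": True, "signer_fpr": FRIEND},
        {"sig_valid": True, "signer_fpr": SPAMMER, "encrypted_to_me": True},
        {"sig_valid": True, "signer_fpr": STRANGER},
        {"sig_valid": False, "signer_fpr": FRIEND},
        {"encrypted_to_me": True},
    ]
    return [classify(m, TRUSTED, LISTED.__contains__) for m in msgs]
```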