
Trusted mail?

Posted May 7, 2004 8:14 UTC (Fri) by dd9jn (subscriber, #4459)
In reply to: Trusted mail? by bockman
Parent article: 82% of email is spam

Sorry, that does not work.

The problem is the definition of what makes up a "good signature". Yeah, we know about the Web of Trust and hierarchical trust models but this will only work between people who know each other. This would lead to a system of closed groups like BBSes decades ago.

If you don't care about the validity of the signature, but merely check for the mathematical correctness, spammers will simply create new keys for each spam and sign it. No, there is no performance problem given the legions of zombies waiting for their evil masters.


Trusted mail?

Posted May 7, 2004 11:22 UTC (Fri) by bockman (guest, #3650)

Uhm, maybe my usage of e-mail is anomalous, but 99% of the mail I receive, at work and at home, belongs to one of these categories:
- people I know (and then I can get their public key)
- mailing lists or newsletters which I subscribed to (and also here, a public key could be distributed by the mailing list)
- Spam/viruses (ok, viruses could also come from known people, but spam usually doesn't)

Once per month, or even less, I may receive a mail from an unknown person, that wants to get in touch with me.

Therefore, for me it would be very easy to define a list of 'good signatures' that could be used to filter my mail (possibly at server level). If I don't want to lose the mail from unauthenticated sources, I could isolate it in a separate mail folder, to check when/if I want. This mail folder could collect spam, but at least it is nicely isolated (and if I get too annoyed, I could simply bounce unauthenticated mail).

Now, I understand that people, and especially businesses, can use e-mail to get in touch daily with unknown people. But I believe that a lot of people have an e-mail behaviour very similar to mine.
Consider also that you don't need the same 'level of trust' used for secure transactions (you are just talking by e-mail, not doing financial transactions). Therefore you could also exchange public keys by mail, when you start corresponding with someone else.

Trusted mail?

Posted May 7, 2004 12:37 UTC (Fri) by dd9jn (subscriber, #4459)

It is not only businesses receiving a lot of mail from yet unknown people but also people from the Free Software community, especially authors and maintainers. There is as well the problem of resending and forwarding messages.

Mailing lists are another problem. Of course the mailing list software could sign all messages to be sent out but that won't help. For a closed mailing list this will currently help but I have already encountered faked From addresses (which are the current way of authenticating subscribers) which let spam slip through. Open mailing lists (everyone is allowed to post) are already nice spam exploders and it won't help to have a signature applied by the ML software. Sooner or later we have to change the authentication of mailing lists anyway to a stronger one (i.e. only accept signed posts), but this will require manual approval of subscription requests to sort out spammers. For some mailing lists this will not be possible at all - think of a help list for the signing or MUA software ;-).

Trusted mail?

Posted May 8, 2004 16:56 UTC (Sat) by giraffedata (subscriber, #1954)

Your system doesn't even require signatures. It's exactly what I do today, based on the from: header. The from: header is successfully forged (i.e. has one of the 2,000 addresses in my white list) in less than 1% of my spam.

But I still have a big problem. I route the stranger mail to a special folder, which I check daily, but there are 250 spams a day. I've had to start automatically deleting some of it (e.g. any all-html email), but that's risky.

I think people who believe the only interesting email they will get is from acquaintances lack imagination. You can't just delete mail from strangers; you have to spend some time looking at it to see if it's spam.

I occasionally have my outgoing emails bounced by overzealous spam filters, and in every case the recipient would have been glad to get my email.

Copyright © 2012, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds