[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Asrg] How to defeat spam that uses encryption?
On Mon, 31 Mar 2003 21:30:53 -0500
Eric D Williams <eric@infobro.com> wrote:
> I too agree that encryption should not be considered a primary
> solution for spam as it constitutes a prohibitive threshold before any
> significant results could be realized.
An aspect I've been musing on is adding forward chained digital
signatures to Received: headers with the receiving system's DNS record
publishing the public key. Loosely:
A clear text version and a digital signature of the following data
are encoded into the Received: header:
-- the Message-ID
-- address of the MX generating the header as a string (this
allows later callback verification)
-- the timestamp of the time the Received: header is generated
-- the matching digital signature of the immediately prior
Received: header (allows back chaining and trust verification of
the transaction stream).
Key width could be fairly small. There are a few changes to RFC
2822 in there as well (like Message IDs are now mandatory).
It suffers the same threshold problems, but could creep out fairly
quickly given a few more security holes in sendmail.
--
J C Lawrence
---------(*) Satan, oscillate my metallic sonatas.
claw@kanga.nu He lived as a devil, eh?
http://www.kanga.nu/~claw/ Evil is a name of a foeman, as I live.
_______________________________________________
Asrg mailing list
Asrg@ietf.org
https://www1.ietf.org/mailman/listinfo/asrg