RE: [Asrg] How to defeat spam that uses encryption?
> Basic idea:
>
> Bubba writes an email to Boffo.
>
> Bubba's MUA looks for a locally stored consent token from Boffo and
> fails to find one. This is done at the MUA level as definitions are
> contextual, subjective, etc.
>
> Bubba's MUA emails Boffo for a consent token. This could also happen
> via LDAP or SMTP extension ala VRFY or or or... I use SMTP as the
> transport as it allows for disconnected operation (eg third world
> behind UUCP, dialup, etc).
>
> ObNote: Grammar and typing could be encoded into the consent token
> request to allow requesters to describe what type of mail they want
> to send to the stranger, thus allowing some forms of policy to be
> stated -- but that's a feature for Good Guys, not spammers.
>
> Boffo's MUA auto-replies with a token (which is really a dated source
> address).

Thus verifying the existence of the receiver...

> Bubba's MUA receives the token, stores the token for future use
> (policy encoded in the consent reply), and sends Bubba's mail
> appropriately.
>
> Boffo, on receiving a SPAM can revoke the token, all tokens for that
> sender, etc.

Boffo can sell the address to spammers, who will get a first provisional
token, have it revoked and then change their identity and get a new one.
Boffo can do that too.

> List servers and legit marketing groups the like can auto-establish
> the token arrangement at subscribe time, and auto-renew as tokens
> expire.
>

Looks like you've just reimplemented DHCP but for mail? (Leases essentially)

Continuing to use network analogies... To send a packet, you have to make
your MAC address visible on the network. An acceptable policy. The receiver
does not need to expose himself past his local trusted switch to catch the
packet, but performs no action on the wire receive. If the packet makes it
there or not and is successfully processed by the receiver no one knows,
unless you use a higher level bi-directional protocol like TCP.

I see one possible future is analogous to TCP between consenting parties,
and UDP between non-consensual ones. Consenting parties tend not to mind to
know each other (usually) and with non-consensual ones the receiver should
not have to be known to exist. Your scheme requires that.

_______________________________________________
Asrg mailing list
Asrg@ietf.org
https://www1.ietf.org/mailman/listinfo/asrg
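
Added example, not part of the original thread or of any ASRG proposal: a receiver-side sketch of the "dated source address" consent token discussed above, showing expiry, per-sender revocation, and the limitation raised in the reply that revocation keyed on a sender identity does not carry over to a new one. The address layout, the HMAC tag, the key, the lease length and all names are assumptions made for illustration.

```python
import hashlib
import hmac
import time

SECRET = b"constructed-demo-key"   # receiver's local key (constructed for this example)
LIFETIME = 7 * 24 * 3600           # assumed lease length; the thread gives none


class ConsentIssuer:
    """Receiver side: issues, checks and revokes dated-address tokens."""

    def __init__(self, mailbox, domain, secret=SECRET):
        self.mailbox, self.domain, self.secret = mailbox, domain, secret
        self.revoked = set()       # sender identities whose consent was withdrawn

    def _tag(self, sender, expiry):
        # Bind the token to one sender and one expiry time.
        msg = f"{sender.lower()}|{expiry}".encode()
        return hmac.new(self.secret, msg, hashlib.sha256).hexdigest()[:16]

    def issue(self, sender, now=None):
        """Auto-reply to a token request; None if the sender was revoked."""
        if sender.lower() in self.revoked:
            return None
        now = int(time.time()) if now is None else int(now)
        expiry = now + LIFETIME
        return f"{self.mailbox}+{expiry}.{self._tag(sender, expiry)}@{self.domain}"

    def revoke_sender(self, sender):
        self.revoked.add(sender.lower())

    def accept(self, sender, rcpt, now=None):
        """Return (accepted, reason) for mail from sender addressed to rcpt."""
        now = int(time.time()) if now is None else int(now)
        local, _, domain = rcpt.rpartition("@")
        mailbox, _, token = local.partition("+")
        if mailbox != self.mailbox or domain != self.domain or "." not in token:
            return False, "no token"
        expiry_s, _, tag = token.partition(".")
        if not (expiry_s.isascii() and expiry_s.isdigit()):
            return False, "malformed"
        expected = self._tag(sender, int(expiry_s))
        if not hmac.compare_digest(tag.encode(), expected.encode()):
            return False, "bad tag"
        if int(expiry_s) < now:
            return False, "expired"
        if sender.lower() in self.revoked:
            return False, "revoked"
        return True, "ok"
```

Because every token is minted by an automatic reply, the issuer answers any requester, which is the receiver-existence disclosure the reply objects to.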