[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Asrg] A Technique for Universal Authentication

To: "John Levine" <asrg at johnlevine.com>
Subject: Re: [Asrg] A Technique for Universal Authentication
From: "Michael Kaplan" <michaelkaplanasrg at gmail.com>
Date: Fri, 1 Sep 2006 11:19:27 -0400
Cc: asrg at ietf.org
Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:references; b=SLZp8RszWTYk8T1RXU1x245+fLpIOYayx/ApQNNA+s70ottcU2lIvUY99xWMzDnMA/16bkAu+Ov28+BzqzgQi7S438J5ECQ7SsNfVMsnHCS3u0ZMZ8YJNHWpXzCTyjNtVEUjyzdTLZWQWWicArviZCjeaJdD7pRxvoQAlsFow9Y=
In-reply-to: <20060901053902.53022.qmail@simone.iecc.com>
List-archive: <http://www1.ietf.org/pipermail/asrg>
List-help: <mailto:asrg-request@ietf.org?subject=help>
List-id: Anti-Spam Research Group - IRTF <asrg.ietf.org>
List-post: <mailto:asrg@ietf.org>
List-subscribe: <https://www1.ietf.org/mailman/listinfo/asrg>, <mailto:asrg-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www1.ietf.org/mailman/listinfo/asrg>, <mailto:asrg-request@ietf.org?subject=unsubscribe>
References: <cb84d2fe0608312043q2f8cd557ra16f71810adeffd8@mail.gmail.com> <20060901053902.53022.qmail@simone.iecc.com>

On 1 Sep 2006 05:39:02 -0000, John Levine <asrg at johnlevine.com> wrote:

Recognizing mail from known correspondents is a very thoroughly solved
problem.

I agree, yet my system is designed to recognize mail from unknown sources. Strangers will frequently send mail without using a sub-address. This mail will only get bounced if it receives a poor score via a filter. If the stranger is using a popular MUA then the bounce is resent and successfully received without either party being aware that it was bounced in the first place (assuming that the popular MUAs have updated their software).

As a last resort the stranger can manually 'Reply' to the bounce if his MUA isn't updated. This situation, however, is unlikely as there is an amazingly minuscule number of popular MUAs.

But the spam problem is not the same as the introduction problem. They
are somewhat related, since it is certainly true that people who have a
history of sending non-spammy mail will probably continue to do so,
but there's all sorts of real but complex situations that it doesn't
deal with at all well, with discussion lists like this one leading
the pack.

Again, updates by a minuscule number of MUAs effectively eliminates the introduction problem for this system. Discussion lists like this one would never face the introduction problem if the administrator used one of the popular MUAs (again assuming that the popular MUAs have updated their software).

Regarding an earlier question of creating and tracking combinatorials: individual systems can decide for themselves if it is too complex to send multiple sub-addresses to the recipients of a group email. The efficacy of this system will not suffer much if only one sub-address is sent out with a group email. Tracking all of the sub-addresses does not strike me as a strenuous task in an age where we have email systems that hash every email.

Michael

_______________________________________________
Asrg mailing list
Asrg at ietf.org
https://www1.ietf.org/mailman/listinfo/asrg

Follow-Ups:
- Re: [Asrg] A Technique for Universal Authentication
  - From: John Levine

References:
- [Asrg] A Technique for Universal Authentication
  - From: Michael Kaplan
- Re: [Asrg] A Technique for Universal Authentication
  - From: John Levine

Prev by Date: Re: [Asrg] A Technique for Universal Authentication
Next by Date: Re: [Asrg] A Technique for Universal Authentication
Previous by thread: Re: [Asrg] A Technique for Universal Authentication
Next by thread: Re: [Asrg] A Technique for Universal Authentication
Index(es):
- Date
- Thread