Hi.  One of the hats I wear is the chair of the Anti-Spam Research
Group of the Internet Research Task Force, which is down the virtual
hall from the IETF.

You know how you all feel when someone shows up with his super duper
new unbreakable crypto scheme?  Well, that's kind of how I feel here.
Dealing with spam is surprisingly subtle, a lot of smart people have
been thinking about it for a long time, and most new ideas turn out
to be old ideas with well known flaws or limitations.

> Consider the implications of a third field, or "trust token," which
> works like a "password" to fred's mail box.  Your mailer's copy of
> fred's email address would look like "fred#to...@example.com" where
> "token" was a field that was your own personal password to fred's
> mailbox.

It's not a bad idea.  Its best known implementation was done in 1996
by Robert Hall of AT&T Labs who called it Zoemail.  You can learn all
about it in US Patent 5,930,479.

This is the wrong place to go into detail about its limitations,
although it should be self-evident that if it were effective, sometime
in the past 13 years we'd have started using it.

You're all welcome in the ASRG, which has a wiki at
http://wiki.asrg.sp.am with pointers to the mailing list and other
resources.  One of our slow moving projects is a taxonomy of anti-spam
techniques, both ones that work and ones that don't work.  If you'd
like to contribute, drop me a note and I'll give you a password so you
can edit it.

John Levine, jo...@iecc.com, Primary Perpetrator of "The Internet for Dummies",
Information Superhighwayman wanna-be, http://www.johnlevine.com, ex-Mayor
"More Wiener schnitzel, please", said Tom, revealingly.

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majord...@metzdowd.com

Reply via email to