Hi. One of the hats I wear is the chair of the Anti-Spam Research Group of the Internet Research Task Force, which is down the virtual hall from the IETF.
You know how you all feel when someone shows up with his super duper new unbreakable crypto scheme? Well, that's kind of how I feel here. Dealing with spam is surprisingly subtle, a lot of smart people have been thinking about it for a long time, and most new ideas turn out to be old ideas with well known flaws or limitations. > Consider the implications of a third field, or "trust token," which > works like a "password" to fred's mail box. Your mailer's copy of > fred's email address would look like "fred#to...@example.com" where > "token" was a field that was your own personal password to fred's > mailbox. It's not a bad idea. Its best known implementation was done in 1996 by Robert Hall of AT&T Labs who called it Zoemail. You can learn all about it in US Patent 5,930,479. This is the wrong place to go into detail about its limitations, although it should be self-evident that if it were effective, sometime in the past 13 years we'd have started using it. You're all welcome in the ASRG, which has a wiki at http://wiki.asrg.sp.am with pointers to the mailing list and other resources. One of our slow moving projects is a taxonomy of anti-spam techniques, both ones that work and ones that don't work. If you'd like to contribute, drop me a note and I'll give you a password so you can edit it. Regards, John Levine, jo...@iecc.com, Primary Perpetrator of "The Internet for Dummies", Information Superhighwayman wanna-be, http://www.johnlevine.com, ex-Mayor "More Wiener schnitzel, please", said Tom, revealingly. --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majord...@metzdowd.com