On Fri, Jan 30, 2009 at 01:47:23PM -0800, Ray Dillinger wrote:
> Each time Fred gives out his email address to a new sender, he creates a trust token for that sender. They must use it when they send him mail.

That's basically what I'm using, just without the digital signature part: each person/organisation/website/whatever gets a different email address for communicating with me (qmail makes this easy to implement); mailing list and bugtracker addresses are filtered to accept only mail with the correct headers. It works much better than content filters, but it's basically limited to 1:1 communication (with a mailing list looking like a single entity as it forwards traffic both ways). Most importantly, it breaks for CC parties (*). Address lists on paper given out to a large number of participants are problematic as well (those utilizing paper lists are mostly non-tech-savvy - thus prone to attacks - and changing the address is hard due to the long update interval of the list).
To get on-topic again: Another scheme (that could be combined with the above one to solve only the CC party problem) would be accepting only PGP mail and using a manually updated whitelist / web of trust of PGP keys. Unfortunately, PGP still isn't widespread enough to reject non-PGP mails and the ones not using it are often far more susceptible to address harvesting malware, limiting the usefulness of such a filter.
(*) CC party: group discussion without predetermined participants (so no mailing list could be set up in advance)
CU Sascha

--
http://sascha.silbe.org/
http://www.infra-silbe.de/
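Added example, not part of the original message: a sketch of per-correspondent addresses in which a keyed tag stands in for the quoted "trust token", so the receiving side can check an envelope recipient without keeping a table of issued addresses. The HMAC construction (used here in place of a digital signature), the `fred-<label>-<tag>` layout, the key and the domain are all assumptions made for illustration; the message itself describes plain distinct addresses with no signature.

```python
import hashlib
import hmac

SECRET = b"constructed-demo-key"       # constructed value; a real key is random and private
USER, DOMAIN = "fred", "example.org"   # hypothetical mailbox
TAG_LEN = 10                           # hex chars of the MAC kept in the address (illustrative)


def _mac(label: str) -> str:
    """Keyed tag binding a correspondent label to this mailbox."""
    digest = hmac.new(SECRET, label.lower().encode(), hashlib.sha256).hexdigest()
    return digest[:TAG_LEN]


def issue_address(label: str) -> str:
    """Address handed to exactly one correspondent (person, shop, website...)."""
    if not label.isalnum():
        raise ValueError("label must be alphanumeric")
    return f"{USER}-{label.lower()}-{_mac(label)}@{DOMAIN}"


def check_recipient(rcpt: str, revoked: set) -> tuple:
    """Return (accept, label) for an envelope recipient address."""
    local, _, domain = rcpt.lower().rpartition("@")
    parts = local.split("-")
    if domain != DOMAIN or len(parts) != 3 or parts[0] != USER:
        return (False, None)           # bare or malformed address: never handed out
    _, label, tag = parts
    if not hmac.compare_digest(tag.encode(), _mac(label).encode()):
        return (False, None)           # guessed extension, tag does not verify
    if label in revoked:
        return (False, label)          # address leaked; label shows who it was given to
    return (True, label)


if __name__ == "__main__":
    shop = issue_address("Shop")
    print(shop, check_recipient(shop, set()))
    print(check_recipient(shop, {"shop"}))   # after revoking the leaked address
```

The CC-party limitation from the message shows up here directly: a third party added to a thread has no address of their own and can only reuse the one issued to someone else.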