Eugen Leitl <[EMAIL PROTECTED]> writes: >"A way that works" would involve passphrase-locked keyrings, and forgetful >MUAs (this mutt only caches the passphrase for a preset time).
"A way that works *in theory* would involve ...". The chances of any vendor of mass-market software shipping an MUA where the user has to enter a password just to send mail are approximately... zero. >Filtering for signed/vs. unsigned mail doesn't make sense, authenticating and >whitelisting known senders by digital signature makes very good sense. In that case you can just filter by sender IP address or something (anything) that's simpler than requiring a PKI. Again though, that's just another variant of the "Build a big wall" dream. In order to have perimeter security you first need a perimeter. If the spammer you're trying to defend against is your own mother (because she clicked on an attachment you sent her, it says so in the From: address, that's actually a spam-bot), you don't have a perimeter. All you have is a big pile of Manchurian candidates waiting to bite you. Peter.