Lahu wrote:
> I dont see how signed mail can be an anti-spam measure.
You know the authenticated id of who sent it. Spammers don't like the light
of day. After we lookup the certificate information, we can determine
whether or not to accept e-mail from the sender. A simple check would find
out whether or not the certificate had been revoked. If someone's system
were compromised, so that they were unwittingly sending spam using their own
certificate (as if poor security practices were unknown to MS-Windows
users), their certificate could be rapidly revoked, requiring them to get a
new one after cleaning up. Going beyond that, we could even base some
decisions upon the contents of a WoT, not just CA-based checks.
--- Noel
