Tomas,

Tomas Svoboda wrote:
Hi everybody!
Let me suggest an idea that could help to separate spam from non-spam:

If I receive a message encrypted with PKI (=encrypted using MY public key) - that means that very probably I have sent email to that person during the validity time of that key (1-2 years maybe). Because public keys usually don't get exchanged by mechanisms other than email I would consider it almost certain that the encrypted message does not come from a spammer.

What I am suggesting is a whitelisting tool: Those who satisfy the condition are considered non-spam. It says nothing about the others.

In the Mozilla implementation this would lead to adding a simple optional rule to the junk mail filter:
"Let messages encrypted with my valid public key bypass junk mail filter."
[checkbox]


This is not any magic solution to the spam problem - just a small partial helper.

Regards
Tomas Svoboda

P.S.
About one month ago I suggested the same for digitally signed messages. Now, however, it struck me that whitelisting should work even better for encrypted emails.

I think it only makes sense to whitelist signed e-mails, not encrypted e-mails.


Your certificate and public key are public information, just like your e-mail address. Anybody could encrypt e-mail to you without any requirement to identify themselves. Technically, they would only need to obtain your certificate/public key, but this shouldn't be too hard. They could get it from your CA, or from public messages, mailing list archives, etc., just like they collect your e-mail address today.

On the other hand, for someone to send you a signed e-mail, they have to obtain their own certificate from a CA, and agree with their terms of service, and the CA has the ability to revoke the certificate if those terms are broken. Therefore, using digital signatures for spam filtering makes sense, but using encryption does not.
_______________________________________________
mozilla-crypto mailing list
[EMAIL PROTECTED]
http://mail.mozilla.org/listinfo/mozilla-crypto
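
The distinction drawn in the reply above, written as a junk-filter bypass rule. This is an added example, not part of the original thread and not Mozilla's code. The names `smime_kind` and `bypass_junk_filter` are hypothetical, and the signature verdict and the decrypted inner entity are assumed to come from the mail client's own S/MIME handling.

```python
from email import message_from_string

# S/MIME media types (RFC 8551), including the legacy "x-" spellings.
PKCS7_MIME = {"application/pkcs7-mime", "application/x-pkcs7-mime"}
PKCS7_SIG = {"application/pkcs7-signature", "application/x-pkcs7-signature"}

def smime_kind(raw):
    """Classify a message as 'signed', 'encrypted' or 'plain' from its outer headers."""
    msg = message_from_string(raw)
    ctype = msg.get_content_type()
    if ctype == "multipart/signed":
        proto = str(msg.get_param("protocol") or "").lower()
        return "signed" if proto in PKCS7_SIG else "plain"
    if ctype in PKCS7_MIME:
        kind = str(msg.get_param("smime-type") or "").lower()
        if kind == "signed-data":
            return "signed"
        if kind in ("enveloped-data", "authenveloped-data"):
            return "encrypted"
    return "plain"

def bypass_junk_filter(raw, signature_valid=False, decrypted_inner=None):
    """Return (bypass, reason) for one message.

    signature_valid: assumed verdict of the client's verifier (trusted chain, not revoked).
    decrypted_inner: assumed MIME entity recovered after decryption, if available.
    """
    kind = smime_kind(raw)
    if kind == "encrypted":
        # Encrypting needs only the recipient's public certificate, so the
        # envelope proves nothing about the sender. Judge what was inside it.
        if decrypted_inner is None:
            return (False, "encrypted only: sender unauthenticated")
        return bypass_junk_filter(decrypted_inner, signature_valid)
    if kind == "signed":
        if signature_valid:
            return (True, "valid signature from a CA-issued certificate")
        return (False, "signature present but not valid")
    return (False, "no S/MIME signature")

# Constructed sample messages (headers only; bodies are placeholders).
ENCRYPTED = ("From: sender@example.test\n"
             "Content-Type: application/pkcs7-mime; smime-type=enveloped-data;\n"
             " name=smime.p7m\n\n(ciphertext omitted)\n")
SIGNED = ("From: sender@example.test\n"
          "Content-Type: multipart/signed; micalg=sha-256; boundary=b;\n"
          ' protocol="application/pkcs7-signature"\n\n(parts omitted)\n')
```

A sign-then-encrypt message is handled by passing the decrypted entity as `decrypted_inner`; the encrypted envelope alone never grants the bypass.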
