Troels Jakobsen wrote:
"Tomas Svoboda" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]
Hi everybody! I am not trying to bring up the topic of PKI as the magic anti-spam weapon - because it just isn't realistic. However it could be a partial help in this way: We have a Junk Mail Filter that uses elaborate logic to distinguish spam from non-spam (ham? :-) How about adding one simple optional rule: "Let messages with valid digital signature bypass junk mail filter." [checkbox]
Believe me: Among the tens of thousands spams I have seen there was not a single signed one. On the contrary some of my friends do sign their emails.
Regards
Tomas Svoboda
It depends what you want to do, whitelist or blacklist:
1) Pass signed emails, block all non-signed
2) Block only suspect emails, treat signed emails as non-suspect
Yes I mean situation (2) = whitelisting signed emails. Tomas
Situation 1 is infeasible, since it requires all ordinary users to obtain a certificate to use as signature. The procedure of obtaining the certificate is non-trivial, costs money, and can't be automated, since the CA (cert. authority) guarantees the identity of the owner. If you could automatically get a certificate it would be worthless.
Situation 2 is undoubtedly feasible, and I suppose some spam filters use a signature as proof of validity. It's just that so few emails are actually signed that it makes no difference.
Troels
_______________________________________________ Mozilla-security mailing list [EMAIL PROTECTED] http://mail.mozilla.org/listinfo/mozilla-security
_______________________________________________ Mozilla-security mailing list [EMAIL PROTECTED] http://mail.mozilla.org/listinfo/mozilla-security
