Re: UCE - a simpler approach using just digital signing?

2009-02-01 Thread John Levine
>One idea I have not seen mentioned here (and which I have not yet encountered in RL, but only weird people send me email these days) is for the sending MTA to use pgp to encrypt mail using the recipient's public key, available on one of the key servers near you.
I don't understand what problem

Re: UCE - a simpler approach using just digital signing?

2009-02-01 Thread Alistair Crooks
[Sorry for ummm spamming John, my third attempt to send mail to the whole list, caused by vanity email domains not playing well with fascist majordomo settings - agc]
On Sat, Jan 31, 2009 at 07:55:50PM -, John Levine wrote:
> The ASRG is still eager to hear from people who want to do just abou

RE: UCE - a simpler approach using just digital signing?

2009-02-01 Thread Jennifer Bayuk
On Saturday, January 31, 2009 6:36 AM, Sascha Silbe wrote: > Another scheme (that could be combined with the above one to solve only the > CC party problem) would be accepting only PGP mail and use a manually updated > whitelist / web of trust of PGP keys. Unfortunately, PGP still isn't widespr

Re: UCE - a simpler approach using just digital signing?

2009-01-31 Thread John Levine
>That's basically what I'm using, just without the digital signature part: each person/organisation/website/whatever gets a different email address for communicating with me (qmail makes this easy to implement)
I do that too -- I bet half the people on this list do, and there's lots of free an

Re: UCE - a simpler approach using just digital signing?

2009-01-31 Thread Sascha Silbe
On Fri, Jan 30, 2009 at 01:47:23PM -0800, Ray Dillinger wrote:
> Each time Fred gives out his email address to a new sender, he creates a trust token for that sender. They must use it when they send him mail.
That's basically what I'm using, just without the digital signature part: each person/

Re: UCE - a simpler approach using just digital signing?

2009-01-30 Thread Taral
On Fri, Jan 30, 2009 at 1:47 PM, Ray Dillinger wrote:
> This is basic digital signatures; it would work.
What's your transition plan? How do you deal with stolen "trust tokens"? (Think trojans/worms.)
Also see: http://craphound.com/spamsolutions.txt
--
Taral
"Please let me know if there's any

Re: UCE - a simpler approach using just digital signing?

2009-01-30 Thread John Levine
Hi. One of the hats I wear is the chair of the Anti-Spam Research Group of the Internet Research Task Force, which is down the virtual hall from the IETF. You know how you all feel when someone shows up with his super duper new unbreakable crypto scheme? Well, that's kind of how I feel here. Dea

Re: UCE - a simpler approach using just digital signing?

2009-01-30 Thread Jerry Leichter
On Jan 30, 2009, at 4:47 PM, Ray Dillinger wrote: I have a disgustingly simple proposal. [Basically, always include a cryptographic token when you send mail; always require it when you receive mail.] There is little effective difference between this and whitelists. If I only accept mail fr

UCE - a simpler approach using just digital signing?

2009-01-30 Thread Ray Dillinger
I have a disgustingly simple proposal. It seems to me that one of the primary reasons why UCE-limiting systems fail is the astonishing complexity of having a trust infrastructure maintained by trusted third parties or shared by more than one user. Indeed, "trusted third party" and "trust shar