Serge Knystautas provided the following straight lines:
> Noel J. Bergman wrote:
> > We would want broad support. I don't know anything broader than S/MIME.
> I would differ with that, or at least put a spin on it... S/MIME is the
> John Malkovich of the email world... everyone has heard and has respect
> for it, but can you name a time you used it?
Actually, yes. :-) And John sends his regards. ;-)
> Let me know when you're ready to have an email address that you can't
> send to mailing lists or check via webmail.
If you want to authenticate, you can't use brain-dead clients. If you just
want a limited justification, you can do more to support them. For example,
on one list to which I am subscribed, someone is running a TMDA-type server.
So the first time I sent e-mail to the list, I received a challenge from his
server requiring a response in order to release the message. That helps,
but if I were a spammer, I would simply use the sender addresses for people
who are already subscribed to the list.
I could generate sender-specific aliases, so that I can filter out senders
who use the wrong address. But as soon as that technique catches on, the
spammers will just start to pair up such addresses in their database. It
would prevent long RCPT TO lists, but otherwise it is handleable in their
databases. Unlike Evil Warlords, many spammers are simply immoral, not
terminally stupid. Anything you send in the clear that they can see they
can use.
You are correct to view this as an "identity theft issue". The problem is
how to verify the identity of the sender. The reason that public key
encryption works is because of asymmetric encryption. There is a secret
that only one party knows, others doen't need to know it in order to
operate, but it would need to be known to forge the identity.
--- Noel
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
