>>> Does anyone know of an approach or standard (commercial or not) that
>>> efficiently validates the email address of a sender?
>> Digital signatures. I keep thinking that eventually they will become
>> mandatory, and that mail without a valid digitial signature will be
>> considered spam by default.
> That would really increase the difficulty, but there is still nothing
> stopping me from creating or buying a digital signature in the name
> Noel J. Bergman.
Try going down to the government office, and getting a passport in my name.
:-) Can it be done? Yes, but defrauding the Federal Gov't is a good way to
find someone bending you over and calling you sweetheart.
In my scheme, you would be entitled to a free digital certificate good for a
few years. If you need to have your certificate revoked and a new one
issued early, because you permitted your system to be compromised, you would
have to pay for a new certificate. That would put some money into the
system, encourage computer literacy, and provide an incentive for users to
demand secure software.
> And in the worm case, it is likely that it will be entirely possible to
> send messages from your computer with your digital signature.
The worm would (a) have to gain access to my cert without my providing the
passphrase, and (b) my cert could then be revoked.
Furthermore, the worm's user should be subjected to monetary and penal
penalties. Go to jail for spamming, and we'll see less spam. I want to see
people like Ron Scelson fined millions of dollars, do substantial jail time,
and be banned from unsupervised Internet access.
--- Noel
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
