On Tue, 24 Sep 2002 19:41:01 -0400, Phil Tanny <[EMAIL PROTECTED]> wrote:
[snip] >>Finally, the whole system is easily fooled if you don't use encryption >>since I can easily forge the From address. Most people are going to >>whitelist things like their postmaster or addresses used by popular >>sites like Amazon's or ebay's confirmation messages and if Microsoft or >>Netscape happened to whitelist their support address while adding >>support into their mail clients... > >You can always tell the real techheads by who white lists their >postmaster. :-) > >Seriously, I see the problem here and don't claim to have the perfect >solution. And there probably isn't a perfect solution. [The Following is Not An Endorsement - rather, I'm mentioning it as a response to Phil's statement that there's a missing part to this "better mousetrap"] This type of technology is already available. Postiva's Trusted Sender technology (www.postiva.com) allows for cryptographic encryption and verification of sender identities, so recipients can verify that the sender is the sender. Since the technology is gateway-oriented, each message presents that security to the recipient MTA (or, in the context of this discussion, the whitelisting agent). Philosophically speaking, the two technologies should optimally be able to "get along". This presents the opportunity for something like the trusted sender program to be used as a whitelisting application. Ted _______________________________________________ spamcon-general mailing list [EMAIL PROTECTED] http://mail.spamcon.org/mailman/listinfo/spamcon-general#subscribers Subscribe, unsubscribe, etc: Use the URL above or send "help" in body of message to [EMAIL PROTECTED] Contact administrator: [EMAIL PROTECTED]
