Matthew Parke Bostrom <[EMAIL PROTECTED]> writes:

> What if:
>
> (1) There was a standard for all the C/R vendors to use that did the
> following:
>
> (2) The C/R software sticks a cryptographic message header in all
> outgoing mail.

All outgoing mail or all outgoing challenges? Not that it matters; keep reading....

> Something like X-TMDA-Message-ID. The message id would be
> cryptographically tagged, just the way the email addresses are
> (although perhaps with more than the default 24 bits of hash).

1) I send an original message to a recipient I've never emailed before. We're both running C/R systems.

2) X-TMDA-Message-ID is created?
   a) Only challenges are tagged, so NO.
   b) All outgoing mail is tagged, so YES, based on my key.

> (3) Any sender that did not want to receive these bogus challenges
> could start using a C/R solution to tag outgoing messages. Challenges
> sent in response to spam would have either no or bogus
> X-TMDA-Message-IDs and could be automatically filtered out.

3) New recipient filters based on missing or bogus header. Header?
   a) NO: my original mail is lost.
   b) YES (not based on recipient's key): my original mail is lost.

This system is unable to distinguish between mail from a new sender and challenges generated by other C/R users who received SPAM with a forged envelope sender.

> This means that there would have to be a minimal level of
> standardization across C/R so that legitimate challenges could be
> recognized and responded to automatically. This would let mailing
> lists respond to C/R challenges.

This probably wouldn't be a good idea, for the reason you cite in your next paragraph.

> This would also make it easier for spammers to automatically
> respond to challenges, of course. But if enough people start using
> C/R, spammers will correctly respond to challenges, even if each C/R
> software has its own protocol.

Right now, most spammers use bogus return addresses, so they never see the challenges; /ergo/, they have no way to respond, correctly or not. If the use of C/R forces spammers to maintain SMTP servers for bounced/challenged mail, spamming loses its hit-and-run advantage and thus the cost for spammers goes up. This is a good thing.

Without a standard it will be even more difficult/expensive for spammers to maintain software that identifies and properly replies to many, varied types of challenges. This is also a good thing.

Tim
_____________________________________________
tmda-users mailing list ([EMAIL PROTECTED])
http://tmda.net/lists/listinfo/tmda-users
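
The keyed message-ID tag discussed in this thread, as an added example (not TMDA's code and not part of the original message): a truncated HMAC tag verifies only under the key that produced it, so a filter holding a different key classifies a first-contact message's tag the same way it classifies a forged one. The ID layout, tag length, key values and function names are assumptions made for illustration.

```python
import hashlib
import hmac

TAG_BYTES = 8  # assumption: 64-bit tag, longer than the 24 bits mentioned in the thread


def make_message_id(key: bytes, local_id: str, domain: str) -> str:
    """Return 'local_id.tag@domain', tag = truncated HMAC over 'local_id@domain'."""
    mac = hmac.new(key, f"{local_id}@{domain}".encode(), hashlib.sha256).digest()
    return f"{local_id}.{mac[:TAG_BYTES].hex()}@{domain}"


def verify_message_id(key: bytes, message_id: str) -> bool:
    """True only if the tag was made with this key; malformed values are rejected."""
    left, at, domain = message_id.rpartition("@")
    local_id, dot, tag_hex = left.rpartition(".")
    if not (at and dot and local_id and domain):
        return False
    try:
        tag = bytes.fromhex(tag_hex)
    except ValueError:
        return False
    mac = hmac.new(key, f"{local_id}@{domain}".encode(), hashlib.sha256).digest()
    # Constant-time comparison avoids leaking how many tag bytes matched.
    return len(tag) == TAG_BYTES and hmac.compare_digest(tag, mac[:TAG_BYTES])


def classify(key: bytes, header_value) -> str:
    """Filter decision for an inbound message that carries (or lacks) the header."""
    if header_value is None:
        return "missing"
    return "valid" if verify_message_id(key, header_value) else "bogus"


# Constructed keys and IDs (hypothetical users "alice" and "bob").
ALICE_KEY = bytes(range(32))
BOB_KEY = bytes(range(32, 64))


def demo() -> dict:
    original = make_message_id(ALICE_KEY, "20030101.0001", "alice.example")
    forged = "20030101.0002.0011223344556677@alice.example"
    return {
        "alice_checks_her_own_id": classify(ALICE_KEY, original),
        "alice_checks_forged_id": classify(ALICE_KEY, forged),
        "alice_checks_no_header": classify(ALICE_KEY, None),
        "bob_checks_alice_first_mail": classify(BOB_KEY, original),
    }
```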
