> Say I'm running a big free-to-everyone-on-the-net mailing list registry > that is intended to ONLY list non-spam mailing lists. Now someone I've > never heard of before sends me an E-mail and says he's just started a new > list to discuss Tasmanian Devils and will I please include him in the > registry. OK. So I add his list name and the associated public key to > the registry and wham! Ten minutes later he's spamming the hell out of > the entire planet. And no filters will stop him because he's not even > pretending to be anybody else. He's just being who he is, but *I* have > seriously misjudged his character. The key factor is that the list server owner (not necessarily the list owner) had to a) pony up his annual fee (and prove his real identity for all time). The registry need not pass any kind of judgment on the list, only provide the secure identification. The listserver would hold the responsibility to vette his list clients. If Mr. Evil does spam, then AOL would have the option of blocking that list, or in the event of continuing egregious support of spammers, any list with that listserver ID. No this doesn't guarantee that no UCE gets sent, but it provides a mechanism to enhance the ability to distinguish between good and bad UCE. Really, it's just an extension of the present, voluntary use of PGP for individual email. Nobody has to, but if you do, your email is more likely to get through.
