"Tomas Svoboda" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] > Hi everybody! > I am not trying to bring up the topic of PKI as the magic anti-spam > weapon - because it just isn't realistic. > However it could be a partial help in this way: > We have a Junk Mail Filter that uses elaborate logic to distinguish spam > from non-spam (ham? :-) > How about adding one simple optional rule: > "Let messages with valid digital signature bypass junk mail filter." > [checkbox] > > Believe me: Among the tens of thousands spams I have seen there was not > a single signed one. On the contrary some of my friends do sign their > emails. > > Regards > Tomas Svoboda
It depends what you want to do, whitelist or blacklist: 1) Pass signed emails, block all non-signed 2) Block only suspect emails, treat signed emails as non-suspect Situation 1 is infeasible, since it requires all ordinary users to obtain a certificate to use as signature. The procedure of obtaining the certificate is non-trivial, costs money, and can't be automated, since the CA (cert. authority) guarantees the identity of the owner. If you could automatically get a certificate it would be worthless. Situation 2 is undoubtedly feasible, and I suppose some spam filters use a signature as proof of validity. It's just that so few emails are actually signed that it makes no difference. Troels _______________________________________________ Mozilla-security mailing list [EMAIL PROTECTED] http://mail.mozilla.org/listinfo/mozilla-security
