On 2004-06-02, Tomas Svoboda <[EMAIL PROTECTED]> wrote: > Hi everybody! > Let me suggest an idea that could help to separate spam from non-spam: > > If I receive a message encrypted with PKI (=encrypted using MY public > key) - that means that very probably I have sent email to that person > during the validity time of that key (1-2 years maybe). Because public > keys usually don't get exchanged by mechanisms other than email I would > consider it almost certain that the encrypted message does not come from > a spammer. > > What I am suggesting is a whitelisting tool: Those who satisfy the > condition are considered non-spam. It says nothing about the others. [snip]
I don't know much about encryption, but the trouble with this kind of tool is that the whitelist "says nothing" at the main time it would be useful. Generally, emails from people you know (particularly those that are competant enough to use PKI) will have no problem getting past filters. The kind of requested email that gets caught by filters is stuff from mailing lists, newsletters from companies, receipts from online purchases, and maybe a few forwarded jokes from technically clueless friends - i.e. legitimate bulk email. Unless you can somehow convince the senders of that kind of thing to send it encrypted with the recipient's key, PKI whitelisting is going to whitelist stuff that would pass anyway, and "say nothing" about the emails that spam filters have problems with. -- Michael _______________________________________________ Mozilla-security mailing list [EMAIL PROTECTED] http://mail.mozilla.org/listinfo/mozilla-security
