On Saturday, January 31, 2009 6:36 AM, Sascha Silbe wrote:
Another scheme (that could be combined with the above one to solve only
the
CC party problem) would be accepting only PGP mail and use a manually
updated
whitelist / web of trust of PGP keys. Unfortunately, PGP still isn't
One idea I have not seen mentioned here (and which I have not yet
encountered in RL, but only weird people send me email these days) is
for the sending MTA to use pgp to encrypt mail using the recipient's
public key, available on one of the key servers near you.
I don't understand what problem
On Fri, Jan 30, 2009 at 01:47:23PM -0800, Ray Dillinger wrote:
Each time Fred gives out his email address to a new sender, he creates
a trust token for that sender. They must use it when they send him
mail.
That's basically what I'm using, just without the digital signature
part: each
That's basically what I'm using, just without the digital signature
part: each person/organisation/website/whatever gets a different email
address for communicating with me (qmail makes this easy to implement)
I do that too -- I bet half the people on this list do, and there's
lots of free and
I have a disgustingly simple proposal. It seems to me that one
of the primary reasons why UCE-limiting systems fail is the
astonishing complexity of having a trust infrastructure
maintained by trusted third parties or shared by more than
one user. Indeed, trusted third party and trust shared
On Jan 30, 2009, at 4:47 PM, Ray Dillinger wrote:
I have a disgustingly simple proposal. [Basically, always include a
cryptographic token when you send mail; always require it when you
receive mail.]
There is little effective difference between this an whitelists. If I
only accept mail
Hi. One of the hats I wear is the chair of the Anti-Spam Research
Group of the Internet Research Task Force, which is down the virtual
hall from the IETF.
You know how you all feel when someone shows up with his super duper
new unbreakable crypto scheme? Well, that's kind of how I feel here.
On Fri, Jan 30, 2009 at 1:47 PM, Ray Dillinger b...@sonic.net wrote:
This is basic digital signatures; it would work.
What's your transition plan? How do you deal with stolen trust
tokens? (Think trojans/worms.)
Also see: http://craphound.com/spamsolutions.txt
--
Taral tar...@gmail.com
Please