Mat Harris:
> 
> This sounds like a heavily commercialized version of pgp/gpg. It would be
> just as easy to adapt MTAs to filter spam based on pgp keys (I'm not
> suggesting we do).
> 

I was imagining it would just use pgp/gpg and not reinvent that wheel.  The
idea was just to have Habeas actually issue the keys and thus be able to
revoke them quickly.  And it would be impossible for spammers to forge.

Right now, Habeas works like this:

    1. Licensed mail sender adds Habeas watermark
    2. Spam filter notices watermark and checks with Habeas to see if
       IP of sender is blacklisted
        a. If so, mail is probably spam
        b. If not, give it the benefit of the doubt since Habeas is so good at
           chasing down spammers.

My proposal:

    1. Licensed mail sender has private pgp/gpg key provided by Habeas and
       uses it to sign outgoing mail.  (Also adds haiku for legal purposes.)
    2. Spam filter checks to see if corresponding public key is in Habeas
       database
        a. If not, mail is probably spam
        b. If not, use public key to verify signature
            i. If it verifies, mail is probably not spam
           ii. If not, mail is probably spam

The difference between my scheme and what Habeas does right now is only a
difference in how hard it is to send spam that appears (falsely) to be
sanctioned by Habeas.

Does that make it any clearer?



_______________________________________________
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
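
The filter-side check from the proposal above, as an added example that is not part of the original post or of any Habeas or SpamAssassin code. It assumes textbook RSA as a stand-in for pgp/gpg signatures and a plain dictionary as the hypothetical issuer database; all names and sample messages are constructed.

```python
import hashlib

# Textbook RSA stands in for pgp/gpg here (no padding, small modulus:
# illustration only). The primes are Mersenne primes, chosen for brevity.
def make_key(p, q, e=65537):
    n = p * q
    return (n, e), (n, pow(e, -1, (p - 1) * (q - 1)))  # (public, private)

def digest(body, n):
    return int.from_bytes(hashlib.sha256(body).digest(), "big") % n

def sign(body, priv):
    n, d = priv
    return pow(digest(body, n), d, n)

def verify(body, sig, pub):
    n, e = pub
    return pow(sig, e, n) == digest(body, n)

def key_id(pub):
    return hashlib.sha256(repr(pub).encode()).hexdigest()[:16]

def classify(body, kid, sig, registry):
    """Filter side of the proposal; registry maps key id -> public key."""
    pub = registry.get(kid)
    if pub is None:
        return "probably spam"        # key not in the issuer's database
    if verify(body, sig, pub):
        return "probably not spam"    # signature covers this exact body
    return "probably spam"            # copied or altered signature

def demo():
    # Constructed sample data: one licensed sender, one unlicensed sender.
    pub, priv = make_key(2**61 - 1, 2**89 - 1)
    spam_pub, spam_priv = make_key(2**107 - 1, 2**127 - 1)
    registry = {key_id(pub): pub}     # hypothetical issuer database
    mail, spam = b"Meeting moved to 3pm.", b"Cheap pills, click here!"
    sig = sign(mail, priv)
    results = {
        "licensed": classify(mail, key_id(pub), sig, registry),
        "copied signature": classify(spam, key_id(pub), sig, registry),
        "own key": classify(spam, key_id(spam_pub), sign(spam, spam_priv), registry),
    }
    del registry[key_id(pub)]         # issuer revokes the licensed key
    results["after revocation"] = classify(mail, key_id(pub), sig, registry)
    return results

if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case}: {verdict}")
```

Unlike a watermark, which can be pasted onto any message, the signature is bound to the body it was made over, so the filter rejects a signature copied onto different content; removing the key from the database rejects all mail signed with it, including mail that verified before.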
