Earthlink to Test Caller ID for E-Mail
Peter Gutmann
pgut001 at cs.auckland.ac.nz
Sat Mar 6 04:26:47 PST 2004
Eugen Leitl <eugen at leitl.org> writes:
>"A way that works" would involve passphrase-locked keyrings, and forgetful
>MUAs (this mutt only caches the passphrase for a preset time).
"A way that works *in theory* would involve ...". The chances of any vendor
of mass-market software shipping an MUA where the user has to enter a password
just to send mail are approximately... zero.
>Filtering for signed/vs. unsigned mail doesn't make sense, authenticating and
>whitelisting known senders by digital signature makes very good sense.
In that case you can just filter by sender IP address or something (anything)
that's simpler than requiring a PKI. Again though, that's just another
variant of the "Build a big wall" dream. In order to have perimeter security
you first need a perimeter. If the spammer you're trying to defend against is
your own mother (because she clicked on an attachment you sent her, it says so
in the From: address, that's actually a spam-bot), you don't have a perimeter.
All you have is a big pile of Manchurian candidates waiting to bite you.
Peter.
More information about the cypherpunks-legacy
mailing list