[13138] in cryptography@c2.net mail archive


Re: Fwd: [Asrg] A New Plan for No Spam / Velocity Indicator

daemon@ATHENA.MIT.EDU (Victor.Duchovni@morganstanley.com)
Tue Apr 29 11:52:21 2003

X-Original-To: cryptography@metzdowd.com
Date: Mon, 28 Apr 2003 16:22:39 -0400 (EDT)
From: Victor.Duchovni@morganstanley.com
To: cryptography@metzdowd.com
In-Reply-To: <E199dL7-0008WQ-00@smtp10.atl.mindspring.net>

On Sat, 26 Apr 2003, R. A. Hettinga wrote:

> From: "Hallam-Baker, Phillip" <pbaker@verisign.com>
> To: asrg@ietf.org
> Subject: [Asrg] A New Plan for No Spam / Velocity Indicator
>
> http://www.verisign.com/resources/wp/spam/no_spam.pdf

Seems rather naive to downright ignorant to me:

[QUOTE]
  1/3rd of the emails were not correctly addressed to the recipient.
  These messages could be excluded by simply enforcing the RFC822 message
  standard that requires every message to have a valid To: CC: or BCC:
  field identifying the recipient, making adjustment where necessary to
  account for messages relayed through mailing lists.
[END QUOTE]

Since when does the recipient get to see the contents of the BCC field?
Since when do the recipient and sender necessarily agree on the
recipient's email address?

> Each time a signature is created the velocity indicator is updated to
> reflect the current rate of signing (you could also have a count of the
> total signatures over the lifetime of the message). This could be the
> signatures in the past hour and the past day (say).
>
> When a recipient receives a message the velocity indicator and signature are
> checked. The probability that a message is spam is low if BOTH the signature
> binds to the specific delivery of the message to the user (i.e. has a valid
> to: field) and the velocity indicated is low.
>

This requires global replacement of all MUA software and hardware. This
fails to address BCC email (e.g. mailing lists). This fails to address
in-transit header rewriting. (The "To:" header is not suitable for
signing, the signed recipient would need a new header). The chances of a
free system of this sort gaining any wide acceptance appear minimal to
me; a royalty-based system seems substantially less likely to take hold.

-- 
	Viktor.

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
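
An added example, not part of the original message: a sketch of the "recipient must appear in To:/CC:/BCC:" rule from the quoted white paper, run over constructed messages to show which legitimate deliveries it would reject. The addresses, the case names and the assumption that Bcc: has already been stripped before delivery are illustrative.

```python
# Added illustration; all messages and addresses below are constructed samples.
from email import message_from_string
from email.utils import getaddresses


def header_recipients(raw):
    """Addresses the receiving side can see in To:/Cc:/Bcc: headers."""
    msg = message_from_string(raw)
    fields = (msg.get_all("To", []) + msg.get_all("Cc", [])
              + msg.get_all("Bcc", []))
    return {addr.lower() for _, addr in getaddresses(fields) if addr}


def passes_header_rule(raw, envelope_rcpt):
    """The quoted rule: accept only if the delivery address is in a header."""
    return envelope_rcpt.lower() in header_recipients(raw)


# name -> (envelope recipient from SMTP RCPT TO, message as delivered)
CASES = {
    # Sender and recipient agree on the address: the rule passes.
    "direct": ("alice@example.org",
               "From: bob@example.net\nTo: alice@example.org\n\nbody\n"),
    # Blind copy: the Bcc: line is assumed removed before delivery,
    # so carol's address appears nowhere in the headers.
    "bcc": ("carol@example.org",
            "From: bob@example.net\nTo: alice@example.org\n\nbody\n"),
    # Mailing list: To: names the list, not the subscriber.
    "list": ("alice@example.org",
             "From: bob@example.net\nTo: discuss@lists.example.com\n\nbody\n"),
    # Alias or forwarding: the sender wrote a different address than the
    # one the final mailbox is known by.
    "alias": ("alice@mail.example.org",
              "From: bob@example.net\nTo: a.smith@example.org\n\nbody\n"),
}


def evaluate():
    """Apply the rule to every constructed case."""
    return {name: passes_header_rule(raw, rcpt)
            for name, (rcpt, raw) in CASES.items()}


if __name__ == "__main__":
    for name, ok in evaluate().items():
        print(f"{name:7s} {'accepted' if ok else 'rejected as misaddressed'}")
```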
