Re: technical solutions to spam

Greg Broiles (gbroiles@netbox.com)
Sun, 04 Apr 1999 19:38:57 -0700

• Next message: mgraffam@idsi.net: "Re: technical solutions to spam"
• Previous message: mgraffam@idsi.net: "Re: technical solutions to spam"
• In reply to: lithron@bellsouth.net: "Re: technical solutions to spam"
• Next in thread: mgraffam@idsi.net: "Re: technical solutions to spam"
• Reply: mgraffam@idsi.net: "Re: technical solutions to spam"
• Reply: Austin Hill: "RE: technical solutions to spam"
• Reply: bram: "Re: technical solutions to spam"

At 06:38 PM 4/4/99 -0400, mgraffam@idsi.net wrote:
>An alternative is the use PK crypto to give us tokens/stamps for email
>exchange.

Ick. Now you've added export control issues and patent issues.

>In either case, we need user-end email clients.

No, we need client-side proxies (at least for Windows and Mac boxes);
they'll listen on the local machine's POP3 port, talk POP3 with the local
client (Eudora or Netscape or whatever), make an outbound POP3 connection
to the user's real mailserver, pull down the mail, process it (bouncing or
marking unwanted mail), and pass it through to the end-user app.

>The average guy probably percieves a greater need for widespread spam
>blocking than confidentiality.. so strong crypto can ride in on a
>spamblocker's coat-tails, as it were.

Let's not saddle the "block unwanted mail" problem with the complexity of
writing & deploying crypto code if it's not necessary - as soon as you
start monkeying with crypto, you're getting lawyers involved, and that's
not something you want, trust me. :)

You can get a pretty good solution to this problem by using a single token
for incoming mail and a list of approved originators (to deal with mailing
lists) - it'd even be pretty easy to keep the token in a constant location
in the user's web space, and let the proxy refresh it automatically - e.g.,
maybe I'd keep my token at <http://www.well.com/~gbroiles/mailtok.html>
(there's nothing there), and you'd keep yours at
<http://www.isp.com/~mgraffam/somewhereelse.html> - the "bounce" message
would tell senders to go look there, which will eliminate spammers (who
certainly aren't going to be using valid return addresses), but your old
friend from college won't have trouble figuring the system out. As long as
there's some variability in the location of the token files, it won't be
feasible to write harvester programs.

Then again, that's not as much fun as writing a spam-proof strong-crypto
mail client which will be feature-competitive with Eudora and its ilk - but
it's probably possible to write it in a week or so, without unwanted
contact with attorneys or other regulatory monsters.

--
Greg Broiles
gbroiles@netbox.com
PGP: 0x26E4488C

• Next message: mgraffam@idsi.net: "Re: technical solutions to spam"
• Previous message: mgraffam@idsi.net: "Re: technical solutions to spam"
• In reply to: lithron@bellsouth.net: "Re: technical solutions to spam"
• Next in thread: mgraffam@idsi.net: "Re: technical solutions to spam"
• Reply: mgraffam@idsi.net: "Re: technical solutions to spam"
• Reply: Austin Hill: "RE: technical solutions to spam"
• Reply: bram: "Re: technical solutions to spam"