I think this makes sense, but one issue I see is deciding non-repudiation after something like a virus infection steals your private key. And a PGP-signed message can be resent. So if the joe-job uses a real Type 1 spam there is ambiguity: the Type 1 spammer can't tell if the private key was stolen, or if the message was just resent. Should he revoke his certificate and buy a new one, or not? No one else knows either. They could perhaps keep a copy of all messages sent, and assume any signed message in this list previously sent does not mean the key is stolen.

So far, most of the Joe Jobs on real Type 1 spammers have made the message obviously forged with incorrect information, apparently because the Joe Jobber doesn't really want to inadvertently help the Type 1 spammer (e.g., forged McAfee spams, etc.). This, and the fact that the particular Type 1 spammer doesn't use open proxies in Russia to send spam, gives it away as a joe job. But they could just as easily start sending out real McAfee spams, say to recipients on a do-not-send list.

So, you are still back to header analysis. And to some extent, reputation and trust. Things that depend on making a connection between the IP address and the purported sender of the message.

--Dean

On Thu, 29 May 2003, Eric A. Hall wrote:

> on 5/29/2003 6:27 PM Dean Anderson wrote:
>
> > Anyway, with Type 1 and Type 2 spam, this is unnecessary, since they
> > tell you how to contact them in the message.
>
> There is still a reason to have verifiable identities for commercial spam,
> which is protection against joe-jobs. You want to have proof that the
> beneficiary is really the spammer and not just a victim, or that the
> spammer is really the spammer regardless of who he is spamming for. While
> there are ways of doing this after the fact as you said, having a
> verifiable sender identity makes it a lot simpler.
>
> --
> Eric A. Hall http://www.ehsco.com/
> Internet Core Protocols http://www.oreilly.com/catalog/coreprot/
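The sent-message log Dean proposes, as an added example that is not part of the original thread: it separates a plain forgery (bad signature), a replay of a genuinely released message (valid signature, already in the log), and the only case that is real evidence of key theft (valid signature on a message the sender never released). The HMAC signature, `SentLog` class and sample messages are stand-ins constructed for this example, not PGP.

```python
import hmac
import hashlib

# Constructed stand-in for a PGP signature: an HMAC over the body under the
# sender's secret key. Real PGP uses public-key signatures; the replay logic
# below is the same either way.
def sign(key: bytes, body: bytes) -> str:
    return hmac.new(key, body, hashlib.sha256).hexdigest()

def verify(key: bytes, body: bytes, sig: str) -> bool:
    return hmac.compare_digest(sign(key, body), sig)

class SentLog:
    """Record of every signed message the sender actually released."""
    def __init__(self) -> None:
        self._released = set()  # signatures of messages the sender really sent

    def record(self, body: bytes, sig: str) -> None:
        self._released.add(sig)

    def classify(self, key: bytes, body: bytes, sig: str) -> str:
        if not verify(key, body, sig):
            return "forged"                   # ordinary joe job; key not involved
        if sig in self._released:
            return "replay"                   # real message resent; not evidence of key theft
        return "possible_key_compromise"      # valid signature the sender never released

def demo() -> tuple:
    """Run the three cases against one log and return their classifications."""
    key = b"sender-secret-key"                # constructed sample key
    log = SentLog()
    real = b"Buy our product. Contact us at ..."   # constructed sample body
    real_sig = sign(key, real)
    log.record(real, real_sig)
    unsent = b"A second mailing the sender never released"
    return (
        log.classify(key, real, real_sig),                 # resent copy -> "replay"
        log.classify(key, real, sign(b"wrong", real)),     # joe job -> "forged"
        log.classify(key, unsent, sign(key, unsent)),      # -> "possible_key_compromise"
    )
```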