Stephen Sprunk writes: > Thus spake "Michael Thomas" <mat@cisco.com> > > It depends on what you mean by signing. Signing a message in and > > of itself ought not hurt anything modulo software bugs, etc. But the > > real question is what does the receiving program (MTA, MUA) do > > with that signature? At the very least it could verify the signature, > > but then what? If it doesn't verify do you drop it? (transitive trust > > comes into play, but most likely). Does it do anything beyond that? > > Well, if you use a score-based anti-spam system, the lack of a signature > could "cost" a message a few points, but that's about it. Or signed, uncost it. > The root problem here is we're trying to define an authentication system > without also defining the authorization or accounting systems to use it. One could obviously start envisioning servers with known spammer keys, etc. Some have mentioned whitelists but blacklists seem also possible so far as they'd go. This isn't actually much different than current practices, afterall. I'd love to have somebody refute my personal and completely unobjective observation that most spammers (like virii hackers) are not very smart. It's quite obvious that djinning up new key pairs would be pretty simple (if relatively CPU intensive), but look at the lag time between where the current crop of filters are and the spam that's sophiciticated enough to get around it. My filters seem to catch -- even now -- about 80% at least, and I haven't even upgraded spamassasin to the Baysian version. Could the interval between prevalence of signatures and spammers getting wise to both needing to sign and needing to djinn up lots of keys buy enough time to keep one step ahead? My feeling is that it might. And I'd think there would be huge economic incentives to move to the next step before or as that starts to happen. > > Let me ask something in return: do you think that > > just the act of signing mail -- with no trust > > roots implied -- could help? > > It does, at least until spammers start signing their email too. > > Does my signature on this message make you trust it more than, say, the ten > ads you got this morning for Viagra? Why or why not? Well, that's the implicit question. If the vast majority of mail were signed -- with or without trust roots -- would we be better off than the current state of affairs? That is, could something that hasn't been invented or utilized today be possible if mail were simply signed? There's an obvious bootstrap problem with all of this, and if there were some marginal value of to what an MTA or MUA could do *without* any messy trust issues mandatory, then maybe the network effect might allow more and more sophisticated schemes to emerge. Mike