Franck writes: > Someone unknown to me send me an e-mail. I do not > receive this e-mail yet but an automatic reply ask > the person to perform a task to authenticate itself... > Like replying to a specific address after reading > the message (something like a simple Turing test to > prove the person is human). The e-mail of this person > is then added to my whitelist, I receive this person > e-mail as well as all subsequent e-mails.... All well and good in principle, but many of your correspondents will be confused by the automatic reply, and many also will not consider it worthwhile to perform the authentication task just to join your whitelist. So you will lose legitimate e-mail in this way, just as you would with automated spam filter. > Any person that wants to talk to me will follow > the procedure ... Any person who wants to talk to you badly enough will follow the procedure. But other correspondents may find the task so time-consuming and troublesome to carry out, and so will simply abandon their attempt to communicate instead. In some cases, these latter correspondents may have important things to say. So you risk the loss of important, legitimate e-mail. > ... any spammer will not bother to follow the procedure > because suddenly it costs him time therefore money ... The problem is that it will cost ALL of your correspondents time and money. Those who do not wish to spend extra time and money to talk to you will stop communicating, even if they are not spammers. Here again, the fundamental difficulty is that there is no way for a machine to distinguish between spam and legitimate e-mail; any remedy applied to spam will also reject legitimate e-mail, and any remedy that guarantees passage of all legitimate e-mail will also allow spam to get through. Only individual human inspection of e-mail messages can separate spam and legitimate e-mail with 100% accuracy. > Now what digital signing should bring, the power > to sue because of the traceability. Not if the signing party is out of legal reach. Once again, the problem is a human problem, in that there is no fundamental, machine-readable difference between a spammer's signature and a legitimate correspondent's signature, so just putting signatures on e-mail will not allow spam to be automatically excluded, and requiring signatures will reject legitimate correspondents just as readily as it deters spammers.