On Mon, 09 Feb 2004 13:49:53 -0800 Ed Gerck <egerck@xxxxxxx> wrote: > 8. How about spammers using 100,000 slave PCs to share the burden? [...] > Comments? Ed, I'm not sure I see the value in requiring encryption. To me this does not seem to really fix anything. On the one hand, this just forces spammers to begin collecting public keys and email addresses as opposed to just addresses. With the former, they probably end up with a much more reliable and stable form of contact since people are not going to want to have throw-away keys, at least not in the way PGP, for example, is currently used. On the other hand, this just adds some, but not that much in my opinion a processing burden for spammers to encrypt messages. Processing that can currently be found in compromised hosts (today) or in faster CPUs (tomorrow). I think the argument becomes slightly stronger if the delay is an absolute value that can be enforced per TCP segment, connection or whatever, but even that is not ideal. Also note, there is an addition burden placed on end users who rely on receiving encrypted email in your proposal. Under your scheme, a user has to go through the trouble of decrypting the message just to see if it is spam or not. This eliminates almost all forms of automated spam mitigation except those related to the low-level SMTP, DNS or other new authentication/authorization techniques. John