On Mar 27, 2014, at 12:16 PM, Blake Hudson <blake@ispn.net> wrote:
It's entirely likely that a spammer would try to get a hold of a key due to its value or that someone you've done business with would share keys with a "business" partner. But ideally you'd authorize each sender with a unique key (or some sort of pair/combination), so that 1) you can tell who the spammer sourced the key from and 2) you can revoke the compromised key's authorization to send you subsequent email messages.
There's probably some way to generate authorization such that each sender gets a unique key or a generic base is in some way salted or combined with information from the individual you're giving your authorization to such that the result is both unique and identifiable.
(Not to single you out, but this is a good entry point.)

So somewhere between this and the “every user should have their own MTA” idea, something would need to be done to close the end user usability gap.

- “I just bought something from this boutique website, how do I (or my ISP) know how to let them email me my receipt?”
- “My friend gave his buddy my email address to send a resume for that job opening I have. How do I permit him to send me email?”
- “This .gov entity needs to email me about my (taxes|health care|car registration|…), how do I give them permission?”
- “My long lost high school friend found my email address somewhere (and isn’t using gmail, hotmail, yahoo, ….), how do I keep her from getting blocked?”

All of these end-user questions will have to be answered by any such technology which seeks to solve the spam problem using a manner such as you describe here.

And if you’re going to say the solution is “in addition to my email address, in order to send me mail someone is going to have to know my (key|pass phrase|…)” then anything which currently collects your email address is also going to need to collect “that”. Therefore how do you control “that” from getting in the wrong hands in that list of emails someone is selling to spammers?

Am I misunderstanding what’s being proposed here?

To me the ubiquity of email is its own undoing — it’s so convenient because you can email anybody, anywhere, from anywhere, but it’s so spammable because you can email anybody, anywhere, from anywhere.

-c
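
The per-sender key idea quoted at the top of this message, sketched in Python as an added example (not code from either poster): each sender's key is an HMAC of that sender's identity under a secret only the recipient holds, so a leaked key names its source and can be revoked alone. The class and method names, the HMAC-SHA256 construction and the sample domains are assumptions for illustration, and the claimed sender is assumed to be authenticated by other means.

```python
import hashlib
import hmac


class SenderAuthorizer:
    """Recipient-side issuer of per-sender authorization keys (hypothetical)."""

    def __init__(self, master_secret: bytes):
        self._secret = master_secret  # never leaves the recipient
        self._issued = set()          # senders that were given a key
        self._revoked = set()         # senders whose key no longer works

    def _derive(self, sender: str) -> str:
        # Generic base (the secret) combined with the sender's identity.
        mac = hmac.new(self._secret, sender.lower().encode(), hashlib.sha256)
        return mac.hexdigest()[:32]

    def issue(self, sender: str) -> str:
        self._issued.add(sender.lower())
        return self._derive(sender)

    def source_of(self, key: str):
        """Return the sender this key was issued to, or None if unknown."""
        for sender in self._issued:
            if hmac.compare_digest(self._derive(sender).encode(), key.encode()):
                return sender
        return None

    def revoke(self, sender: str) -> None:
        self._revoked.add(sender.lower())

    def accept(self, claimed_sender: str, key: str) -> bool:
        """Accept mail only if the key belongs to this sender and is live."""
        owner = self.source_of(key)
        if owner is None or owner in self._revoked:
            return False
        return owner == claimed_sender.lower()


if __name__ == "__main__":
    auth = SenderAuthorizer(b"constructed-demo-secret")
    shop_key = auth.issue("shop.example")      # constructed sample senders
    auth.issue("friend.example")
    # A key that turns up in someone else's mail still names its source.
    print(auth.accept("bulk.example", shop_key), auth.source_of(shop_key))
    auth.revoke("shop.example")
    print(auth.accept("shop.example", shop_key))
```

The sketch covers only the traceability and revocation points; how a sender obtains its key in the first place is the usability gap raised in the reply above.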