we have run a simular system for a while, the problem is still with mailinglists and online shops (by lack of a standardised field the password was put anywhere in the email, all email not containing a password was rejected with a message to call sales) a) you print unique passwords on each businesscard, and simply give them to your clients through other means (sales telephone number, etc) b) there is no O(N^2) scaling. you currently have an email address, and maybe a name for everyone you want to email in your address book, or your database, all thats required is another field with the password they gave you. c) totally fine, with us, it stopped 100% of all undesired email (normally 1500 a day just for me alone ;) If what you're asking under point c is "what happens if a system that contains such a password for your email address gets compromised" the answer is simple, you remove that specific password from your approved passwords list (note that on the receiver side, the password is not linked to the source email address, senders can use any source email address they want, as long as one of the currently active/accepted passwords is in the email) remaining problems with this system are: by lack of a standard header for Password: which should be supported by all clients, address books, online shops, mailinglists, we put the password in the email, which means, that on Cc:'s and forwards etc the password got forwarded along with the email, potentially giving other people the password too. Now, this is -100%- spam stopping, smtp can be as open relay and you want, the internet can be full of compromised windows boxes chunking out tons of crap, but you won't get any spam, just mail from people YOU choose to deal with, by actively -giving- them a password yourself, which you can also -revoke-. (the initial contact, the equivalent of "accept contact" in skype simply needs to be done through other channels, but really, people that don't know you have no business mailing you anyway ;) We have been watching these so-called "spam fighters" for a while now, and all they managed to do over the past 20 years or so is completely fuck up the smtp protocol itself, first they fucked up the concept of open relays, then it was stupid and unnessesary delays (graylisting), then there were all kinds of blacklists run by arrogant fools that gladly blacklisted all of level 3 because of one spammer, etc, and you still got spammed, and still get spammed today. If i have to wait for 20 minutes for an email, i've started skype already.. You know what, why don't we simply turn the smtp servers -off- and use skype and msn for everything... saves electricity :P It may be a bit too late to fix the protocol itself to be real-time and peer-to-peer again, but this time without spam ofcourse, as the market has been flooded with better protocols already anyway (the problem with these however is that they're propriatory and vendor dependant). -- Greetings, Sven Olaf Kamphuis, CB3ROB Ltd. & Co. KG ========================================================================= Address: Koloniestrasse 34 VAT Tax ID: DE267268209 D-13359 Registration: HRA 42834 B BERLIN Phone: +31/(0)87-8747479 Germany GSM: +49/(0)152-26410799 RIPE: CBSK1-RIPE e-Mail: sven@cb3rob.net ========================================================================= <penpen> C3P0, der elektrische Westerwelle ========================================================================= Confidential: Please be advised that the information contained in this email message, including all attached documents or files, is privileged and confidential and is intended only for the use of the individual or individuals addressed. Any other use, dissemination, distribution or copying of this communication is strictly prohibited. On Wed, 6 Oct 2010, Rich Kulawiec wrote:
On Wed, Oct 06, 2010 at 10:14:27PM +0000, Sven Olaf Kamphuis wrote:
(keep in mind, each sender gets a unique password from the receiver, this can be stored in the address book along with the email address itself).
I'd like to see the I-D which explains how this is going to work, with particular attention to (a) how the passwords will be exchanged without using email (b) how it's going to handle the O(N^2) scaling and (c) how it's going to work in an environment with at least a hundred million compromised systems -- that is, systems that are now owned by the enemy, who thus also owns the contents of all the address books stored on them...including all the passwords. I think once these issues are addressed it will be only a small matter of implementation to convince everyone to swiftly move to a different protocol for mail.
---rsk