Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Next revision
Previous revision
madoverlord:projects-spamidea [2016/05/13 21:35]
127.0.0.1 external edit
madoverlord:projects-spamidea [2016/10/04 14:42] (current)
Line 1: Line 1:
-==== Certified Email (anti-spam idea) (Projects) ==== +==== Combatting Spam using Certificates of Approval - Draft v1.0 of 03/​14/​03 ​====
- +
-// Many solutions to the problem of spam have been proposed, including filtering (for keywords, by bayesian statistical analysis), blacklists (of offendi // +
- +
- +
- +
-=== Combatting Spam using Certificates of Approval - Draft v1.0 of 03/14/03 ===+
  
  
Line 98: Line 92:
  
  
-<​UL><​LI>​Mailing Lists are not affected. +  * Mailing Lists are not affected. 
-<LI>No infrastructure costs inflicted on those who don't want to use it. +  ​* ​No infrastructure costs inflicted on those who don't want to use it. 
-<LI>Doesn'​t depend on everyone rating their emails. +  ​* ​Doesn'​t depend on everyone rating their emails. 
-<LI>Hard to abuse. If you're a legit mailer (like, say, Amazon) or mailing list operator, even a big group of people who decide they don't like your politics can't overwhelm the even bigger group of people who think you're legit. And since every rater has their own certificate,​ they'​ll self-select for good people. Very few people will pay $ to be a jerk. +  ​* ​Hard to abuse. If you're a legit mailer (like, say, Amazon) or mailing list operator, even a big group of people who decide they don't like your politics can't overwhelm the even bigger group of people who think you're legit. And since every rater has their own certificate,​ they'​ll self-select for good people. Very few people will pay $ to be a jerk. 
-<LI>ISPs can vouch for their customers, so they don't have to buy certificates themselves. ISPs won't want their certificates to get a bad rap, so they'​ll police their users better. It won't cost good ISPs anything, their good users will overwhelm the bad ones. But note all that info in the header. That all +  ​* ​ISPs can vouch for their customers, so they don't have to buy certificates themselves. ISPs won't want their certificates to get a bad rap, so they'​ll police their users better. It won't cost good ISPs anything, their good users will overwhelm the bad ones. But note all that info in the header. That all gets reported to the registrar when an email is reported as spam. And if the registrar turns it over to the owner of the certificate,​ now the ISP knows which one of his customers is being a jerk, and can cut him off at the knees. 
-gets reported to the registrar when an email is reported as spam. And if the +  ​* ​It permits -- if the sender so desires -- the sender'​s identity to be a bit more verifiable than currently possible, in particular if certificates were available (for more $) that had some documentation on the owner (such as is done with SSL certs [yeah, I know that's not perfect]). It also would provide, as a side effect, a way to do digital change-of-email-address lookups. 
-registrar turns it over to the owner of the certificate,​ now the ISP knows which +  ​* ​It provides a method of doing whitelisting. 
-one of his customers is being a jerk, and can cut him off at the knees. +  ​* ​It provides a method for detecting spoofed headers. 
-<LI>It permits -- if the sender so desires -- the sender'​s identity to be a bit more verifiable than currently possible, in particular if certificates were available (for more $) that had some documentation on the owner (such as is done with SSL certs [yeah, I know that's not perfect]). It also would provide, as a side effect, a way to do digital change-of-email-address lookups. +  ​* ​It provides an extra data point useful when aggressively filtering spam. 
-<LI>It provides a method of doing whitelisting. +  ​* ​To get the ball rolling, it only requires a couple of the major email application vendors to get on the bandwagon. 
-<LI>It provides a method for detecting spoofed headers. +
-<LI>It provides an extra data point useful when aggressively filtering spam. +
-<LI>To get the ball rolling, it only requires a couple of the major email application vendors to get on the bandwagon. +
-</UL>+
  
  
Line 117: Line 108:
  
 So when that email from your boss comes in asking whether he should invest in an exciting Nigerian banking opportunity,​ even though your bayesian filter and your keyword filter are going TILT!, the fact that it appears to be coming from a trusted source means you'll probably read it, and save the company. ​ Which means you can fly to sunny Lagos using your bonus! So when that email from your boss comes in asking whether he should invest in an exciting Nigerian banking opportunity,​ even though your bayesian filter and your keyword filter are going TILT!, the fact that it appears to be coming from a trusted source means you'll probably read it, and save the company. ​ Which means you can fly to sunny Lagos using your bonus!
- 
- 
- 
- 
-As always, your comments and suggestions are gratefully appreciated;​ <A HREF="​mailto:​[email protected]">​email me</​A>​ to let me know what you think. 
- 
- 
  
  
 This proposal was inspired by reading the Slashdot article This proposal was inspired by reading the Slashdot article
-<A HREF="http://​interviews.slashdot.org/​article.pl?​sid=03/​03/​03/​1528247&​amp;​tid=111" TARGET="​_blank">​ISP Operator Barry Shein Answers Spam Questions</A>, in which Barry mentions the idea of stamps on email. ​ My thanks to Barry and all the partipants in that discussion. +[[http://​interviews.slashdot.org/​article.pl?​sid=03/​03/​03/​1528247&​amp;​tid=111|ISP Operator Barry Shein Answers Spam Questions]], in which Barry mentions the idea of stamps on email. ​ My thanks to Barry and all the partipants in that discussion.