Anti-spam SMTP mods
Lucas Peet
sirsky at lucastek.com
Tue Mar 9 21:43:44 CST 2004
David Nicol wrote:
> Problem two: Assuming that SMTP requires all participating peers to
> sign themselves, how
> does that help arbitrate and filter? Fine, upstanding direct marketers
> will still be sending you
> advertisements for keywords that if mentioned would get this message
> filed as junk, but now
> from an authenticated server.
Because there is no authentication. And yes, spammers & direct
marketers will still be trying to send signed messages that can be
verified where it came from, but those originations can be easily
blacklisted. Also, if like I had mentioned, if a rating system was
implemented at the same time, spam / marketing hosts, because they send
off so much spam, fewer hosts will sign them, because they get spam from
them. This goes back to the PGP trust method - check them out, when
you're 100% sure of their identity, *then* sign their key. If they have
a particularly low spam-to-real email ratio, they'll get a higher rating.
So the servers that are known to *not* send spam will have more
signatures, giving them a higher rating than a server that is *known* to
send spam, which will have fewer signatures, and thus a lower rating.
And only valid, verified and previously signed signatures can sign
others, like you need 2 (or 3?) signatures on your PGP key to be able to
sign another with any kind of authority.
-Lucas
More information about the Kclug
mailing list