From: "david presotto" <presotto@closedmind.org>
To: <9fans@cse.psu.edu>
Subject: Re: [9fans] re: spam filtering fs
Date: Tue, 2 Sep 2003 18:16:31 -0400 [thread overview]
Message-ID: <002701c3719f$de0145f0$3129ff87@bl.belllabs.com> (raw)
In-Reply-To: <200309021608.h82G8Wj21273@augusta.math.psu.edu>
What smime (and pgp) can achieve is digital signing so that spammers can't
masquerade
with From:'s of people in your white list.
----- Original Message -----
From: "Dan Cross" <cross@math.psu.edu>
To: <9fans@cse.psu.edu>
Sent: Tuesday, September 02, 2003 12:08 PM
Subject: Re: [9fans] re: spam filtering fs
> > Another way of achieving authentication for email is to implement and
> > use S/MIME or PGP. I'm not sure either that or "import ... /mail"
solves
> > the computational cost of spam if the bad guys create invalid
signatures,
> > but it does make a white-list filter more effective.
>
> I see the two as complimentary. Just because you're securing the contents
> of the wagon by wrapping them in a patrol of the King's men-at-arms
doesn't
> mean you shouldn't also endeavor to clear out the highway robbers.
>
> > Any volunteers to implement S/MIME for Plan 9? A couple of us here at
> > Bell Labs have worked on it off and on, but there aren't enough free
> > hands here to get it done promptly. Step one is to implement CMS (also
> > known as PKCS#7 or rfc2315) starting from the ASN.1 goo in
> > /sys/src/libsec/port/x509.c or, if you prefer, by porting an ASN.1
> > compiler.
>
> Help! I'm melting!
>
> > By the way, I've happily used PGP for many years but decided that S/MIME
> > was more likely to catch on because it is already moderately well
> > supported by default in Outlook and Netscape/Mozilla.
>
> I thought there was an effort to merge OpenPGP and S/MIME in some way?
> S/MIME requires a lot of scaffolding to use effectively; PGP has a much
> lower startup cost. That said, I'm not a big fan of either. Most
> people don't need that level of privacy (despite what they may think,
> no one's out to get them and the FBI could care less about their D&D
> campaign plans). For cutting down on spam, this seems like cutting
> butter with a chainsaw. A much simpler method would be to just put an
> X- header with some sort of agreed upon token into one's email. Is it
> secure? Not really, no, but it'll defeat 99% of the wannabes, and
> that's a lot of bang for the buck. Of course, either would be nice to
> have for other reasons (everyone knows the government *really is* out
> to get Boyd, for instance...).
>
> A way to exchange tokens: instead of doing it via email, generate an
> image for an unknown user, put it on a public web server somewhere, and
> send them a URL. Once they get there, have them send back a
> description of the image and then send them a token. This defeats
> auto-harvesters that are smart enough to send you back a reply to our
> ``send this string back if you're not a spammer'' token. This will
> work for a while until the spammers start to implement image
> recognition software.
>
> - Dan C.
>
>
next prev parent reply other threads:[~2003-09-02 22:16 UTC|newest]
Thread overview: 55+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <1270037699@snellwilcox.com>
2003-09-01 15:45 ` steve.simon
2003-09-02 1:43 ` ron minnich
2003-09-02 1:53 ` boyd, rounin
2003-09-02 1:58 ` ron minnich
2003-09-02 2:04 ` Skip Tavakkolian
2003-09-02 2:15 ` boyd, rounin
2003-09-02 2:12 ` boyd, rounin
2003-09-02 2:00 ` boyd, rounin
2003-09-02 13:56 ` Eric Grosse
2003-09-02 16:08 ` Dan Cross
2003-09-02 21:28 ` boyd, rounin
2003-09-02 22:16 ` david presotto [this message]
2003-09-02 22:36 ` ron minnich
2003-09-03 0:59 ` Dan Cross
2003-09-03 1:50 ` Geoff Collyer
2003-09-03 3:35 ` Micah Stetson
2003-09-03 12:43 ` boyd, rounin
2003-09-03 12:41 ` boyd, rounin
2003-09-03 5:48 ` david presotto
2003-09-07 1:56 ` Dan Cross
2003-09-07 4:04 ` ron minnich
2003-09-07 5:34 ` Dan Cross
2003-09-07 8:51 ` boyd, rounin
2003-09-07 19:34 ` ron minnich
2003-09-07 12:35 ` David Presotto
2003-09-07 19:05 ` Dan Cross
2003-09-07 20:15 ` boyd, rounin
2003-09-08 2:22 ` Geoff Collyer
2003-09-08 5:21 ` Lucio De Re
2003-09-08 9:45 ` boyd, rounin
2003-09-03 12:37 ` boyd, rounin
2003-09-03 14:09 ` matt
2003-09-03 13:42 ` Russ Cox
2003-09-03 16:21 ` Dan Cross
2003-09-03 7:38 ` Fco.J.Ballesteros
2003-09-03 7:59 ` Lucio De Re
2003-09-03 8:24 ` Fco.J.Ballesteros
2003-09-03 12:03 ` boyd, rounin
2003-09-03 19:54 ` David Presotto
2003-09-03 21:26 ` boyd, rounin
2003-09-04 5:42 ` Lucio De Re
2003-09-04 6:15 ` George Michaelson
2003-09-04 6:10 ` Lucio De Re
2003-09-04 6:31 ` George Michaelson
2003-09-04 14:07 ` ron minnich
2003-09-03 14:27 ` ron minnich
2003-09-02 15:57 ` Dan Cross
2003-09-01 20:31 matt
2003-09-03 9:13 lucio
2003-09-03 10:09 ` Lyndon Nerenberg
2003-09-03 12:25 ` boyd, rounin
2003-09-04 4:57 ` Lucio De Re
2003-09-05 1:43 ` boyd, rounin
2003-09-05 1:52 ` David Presotto
2003-09-05 2:17 ` boyd, rounin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='002701c3719f$de0145f0$3129ff87@bl.belllabs.com' \
--to=presotto@closedmind.org \
--cc=9fans@cse.psu.edu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).