[Enigmail] [off-topic] Re: Signing message headers

James Kosin jkosin at beta.intcomgrp.com
Mon Dec 17 08:38:55 PST 2007 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
 
Phil Stracchino wrote:
> Robert J. Hansen wrote:
>>> I've pondered various times the idea of mailservers signing certain key
>>> headers in each message they originate or relay.  It would enable
>>> unambiguous identification of the real source or injection point of any
>>> spam with headers forged to conceal its origin.
>> It would only allow identification of those mailservers that supported
>> this new feature.  Spammers would instead use spam-friendly mailservers
>> that were not configured so.
>
> People would still have the option of simply dropping all mail that
> wasn't source-authenticated.
>
>> Also, signatures are phenomenally expensive, from a CPU cycle
>> perspective.  Doing one signature per message would bring high-volume
>> servers to their knees.
>
> Yeah, that wasn't lost on me.  I first started thinking about this when
> Microsoft proposed their inane idea of "controlling spam" by requiring
> every mail server to perform some arbitrary complex calculation before
> it could deliver each message, and then somehow proving that it had done
> the calculation, for no other reason than to burn CPU time and make mail
> delivery computationally expensive.  (I consider it one of their more
> bone-headed ideas ever.)  My basic thought was, "Hey, if you're going to
> burn those CPU cycles anyway, you might as well do something *useful*
> with them."
>
>
Actually, there are many things in place to help fight SPAM.

Most SPAM is sent to 100s to 1000s of people at a time.  Both
legitimate and illegitimate spammers don't like waiting for hours or
days to send this many emails.  They try several tricks to either get
the mail out faster or to get other servers to pass along or forward
their work.  Many of the current employed techniques to help remove
SPAM are:
(a)   Reject the first connect attempt to deliver mail.  Most
legitimate servers will try again later.
(b)   Refuse to send mail to more than x-number of people at a time.
(doesn't work for lists or other groups).
(c)   Install or use of SPAM filters, word triggers or other means.
(d)   Black-Lists.  (IPs known to forward or deliver only JUNK).
(e)   Reverse DNS.  Blocks sender from getting through on the first
try.  Most e-mail clients will then forward to the ISP or mail server
on the network to deliver later.
(f)   DNS entries for mail servers as a requirement, both forward and
backward.  This is steadily growing in support.
(g)   Mail delays.  Although painful for everyone, it can cut down the
amount of traffic and frustrate many spammers.


Unless EVERYONE uses GPG to sign EVERY EMAIL what you are asking would
be unfeasible in the near term.

- -James

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
 
iD8DBQFHZqYXkNLDmnu1kSkRApU0AJ4oOMjA1VGiKrN/FVKPVs0cSHKsFwCdEDoJ
c2iMb85db004CfE8kIFAwJ8=
=Wnnf
-----END PGP SIGNATURE-----

-- 
Scanned by ClamAV - http://www.clamav.net

More information about the Enigmail mailing list