- From: Cem Karan <Cem.Karan@usa.alcatel.com>
- Date: Thu, 03 May 2001 11:08:48 -0400
- To: Steve Glassman <steveg@pa.dec.com>
- CC: Aaron Swartz <aswartz@swartzfam.com>, Al Gilman <asgilman@iamdigex.net>, www-talk@w3.org
Steve Glassman wrote:

>>>SNIP<<<

> So you are spammed if you do and spammed if you don't.

ARGHHHHHHH, and it was such a useful idea too!!! :_(

So the current problem is how to handle the 'return to addressee' spoof.

One possibility is to silently drop 'bad' mail. When a user receives the mail, the protocol allows them to send a message back saying that they got it. I haven't thought enough about this to decide if the user should be allowed to generate the replies (probably by hitting a button) or have it be automatic when they download the message. I prefer the former as it allows you to ignore messages (useful, in case someone does crack your key and wants to see if there is a real person on the other end). The latter requires less work on the user's part. It would probably be a good idea to mix the two in some way, but I'm not sure how. Thoughts?

Also, does this auto reply need to itself use hash cash? And does this method make debugging errors in the system so difficult that the whole thing is unworkable?

> But all of this assumes a world where mail clients are primed to use hash
> cash and we don't have one of those. In that case, we merely have to solve
> mailing lists...

We might be able to silently drop messages that don't match for listservers, as you will get back a copy of your message anyways when the listserver sends out the messages to everyone. The message coming back to you would be equivalent to the autoreply.

More thoughts are welcome, especially ones that show weaknesses in the scheme, or solutions to those weaknesses.

Cem Karan
Received on Thursday, 3 May 2001 11:09:41 UTC