Re: Authentication and email

[Paul Hoffman / IMC <phoffman@imc.org>]

At 9:33 AM -0800 1/31/03, Eric Rescorla wrote:
> I'm not sure how you're drawing the distinction between providing
> authentication for content and for senders.
None of the headers are authenticated by S/MIME and PGP; only the body is.

At 9:59 AM -0800 1/31/03, James Kempf wrote:
>  > This is an absurd argument. The security you are trying to achieve in
>  > 3GPP is completely unrelated to spam prevention.
>
> I would more characterize it as a category error.
Quite possibly true.

> IMHO, spam reduction has more to do with economics. As long as
> sending millions
> of unsolicited emails is cheap, the arms race between spam filters
> and spammers
> will continue.
Following this logic, the only way to use S/MIME or PGP to reduce
spam is for IETF mailing lists to reject all mail from unknown
senders, and to reject all unsigned mail from known senders. This
would certainly reduce spam; it would also reduce valid mail from new
participants and from current participants who are sending from
machines that are not set up the way their other machines are.

> However, I don't think there is a clean technical solution to this
> problem, like
> "use PGP" or "use S/MIME".
Fully agree.

--Paul Hoffman, Director
--Internet Mail Consortium