You are viewing a plain text version of this content. The canonical link for it is here.

Posted to general@james.apache.org by Lahu <la...@yahoo.com> on 2005/08/01 09:58:12 UTC

Re: Signed e-mail as an anti-SPAM measure

You mean, signed e-mail as a measure to reduce/eliminate false positives !

Bcoz, I dont see how signed mail can be an anti-spam measure. 

__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com

RE: Signed e-mail as an anti-SPAM measure

Posted by "Noel J. Bergman" <no...@devtech.com>.

Lahu wrote:

> I dont see how signed mail can be an anti-spam measure.

You know the authenticated id of who sent it.  Spammers don't like the light
of day.  After we lookup the certificate information, we can determine
whether or not to accept e-mail from the sender.  A simple check would find
out whether or not the certificate had been revoked.  If someone's system
were compromised, so that they were unwittingly sending spam using their own
certificate (as if poor security practices were unknown to MS-Windows
users), their certificate could be rapidly revoked, requiring them to get a
new one after cleaning up.  Going beyond that, we could even base some
decisions upon the contents of a WoT, not just CA-based checks.

	--- Noel