[108275] in Cypherpunks
Re: CDR: Re: Idea to eliminate most spam on mailing lists [CP] (fwd)
daemon@ATHENA.MIT.EDU (Jim Choate)
Wed Feb 10 14:21:26 1999
From: Jim Choate <ravage@einstein.ssz.com>
To: cypherpunks@einstein.ssz.com
Date: Wed, 10 Feb 1999 12:31:36 -0600 (CST)
Reply-To: Jim Choate <ravage@einstein.ssz.com>
----- Forwarded message from Tom Vogt -----
Date: Wed, 10 Feb 1999 18:14:08 +0100
From: Tom Vogt <tv@wlwonline.de>
Subject: Re: CDR: Re: Idea to eliminate most spam on mailing lists [CP]
Jim Choate wrote:
> That isn't a key, that's a passphrase (even if you generate it with PGP)
> because there isn't any mechanism to deal with duplicates and such. The exact
> same mechanism can be implimented now by simply using the subscribers source
> address and telling foo.config to not accept any submissions from outside the
> list. Crypto does not equal security.
one difference is that it would still allow outside submissions, but
only if they are signed by a known key. e.g. people who only
occasionally contribute.
> >what would that gain a spammer? my public key is exactly that - public.
> >I don't see how a spammer can profit from knowing it.
>
> Access to a new potential market - MONEY.
how? how does a spammer earn money from knowing my public key?
> >what a spammer would have to do to post spam on mailing lists would be:
>
> >1. generate a new pgp key
> >2. make it known to the listserver (see above)
> >3. post spam
>
> >that's two more steps than usual.
>
> So what? You seriously think that if this was large enough the spammers
> wouldn't figure out how to submit a key (PGP or otherwise) to gain access
> to the list? Hell, a new CD business would boom over this one. Not only
> would you get lists of millions of valid email addresses but now they could
> sell lists of thousands of mailing lists and associated passphrases.
no passphrases. what you need is not the LISTSERVER's key, but a key for
yourself. and because your key will get banned pretty quickly once you
post spam with it, you'll have to generate a new key every spam. I agree
that it's easy to have a cd full of keys ready, though.
> I'd give this thing a window of about a week for stopping spam.
I agree that it wouldn't solve the problem.
----- End of forwarded message from Tom Vogt -----
So the "outside" submission would have to submit their key to the remailer
before submitting their traffic, correct? This is a significant change in
the meaning of "outside" than is currently understood. It means in fact they
are known to the remailer since they'd need to submit both a key and an
address to assign it to. Or do you propose a simple heap of keys that are
searched each time a message-key combo is submitted?
They profit from knowing your key because they can then assign an identity
to the key, hardly anonymous.
____________________________________________________________________
The more you have, the less you lose.
General Sir William Slim
The Armadillo Group ,::////;::-. James Choate
Austin, Tx /:'///// ``::>/|/ ravage@ssz.com
www.ssz.com .', |||| `/( e\ 512-451-7087
-====~~mm-'`-```-mm --'-
--------------------------------------------------------------------
