[170459] in North American Network Operators' Group
Re: IPv6 isn't SMTP
daemon@ATHENA.MIT.EDU (Blake Hudson)
Thu Mar 27 15:17:26 2014
Date: Thu, 27 Mar 2014 14:16:48 -0500
From: Blake Hudson <blake@ispn.net>
To: NANOG list <nanog@nanog.org>
In-Reply-To: <21300.30375.863357.496730@world.std.com>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
Barry Shein wrote the following on 3/27/2014 2:06 PM:
>
>
> I suppose the obvious question is: What's to stop a spammer from
> putting a totally legitimate key into their spam?
>
It's entirely likely that a spammer would try to get a hold of a key due
to its value or that someone you've done business with would share keys
with a "business" partner . But ideally you'd authorize each sender with
a unique key (or some sort of pair/combination). So that 1) you can tell
who the spammer sourced the key from and 2) you can revoke the
compromised key's authorization to send you subsequent email messages.
There's probably some way to generate authorization such that each
sender gets a unique key or a generic base is in some way salted or
combined with information from the individual you're giving your
authorization to such that the result is both unique and identifiable.
--Blake
