Re: [tlug] Email address munging in the TLUG archives (C&C)

["Stephen J. Turnbull" <stephen@example.com>]

Josh Glover writes:

 > I am not so sure that this is true any more. I think your "average"
 > spammer is now a professional spammer.

Weighted by quantities received, surely this is so.  In a 100MB sample
of recent spam, almost all of the dupes come from multiple apparently
unrelated by reverse DNS IP addresses.

On the main point, while I agree that economics are such that spammers
are unlikely to break most obfuscations at the present time (since the
vast majority of targets depend on their ISPs to filter, rather than
take proactive action like obfuscation themselves), they'll eventually
get around to it because after all they're descended from the same
monkeys as true humans are.

 > > I very much agree with this. My own plan is for a spam-proof email
 > > system that lives transparently in cooperation with SMTP.
 > 
 > I really don't understand how this could be implemented. Can you
 > provide more details?

It's not really email.  It's digitally signed email, that's all.
*poof*, no interoperability problems.

Why do I say it's not really email?  Because you can't have a public
contact address due to the bootstrap problem---you need a public key
for those who are sending to your "public" address, which implies a
private, expensive in terms of your time, out-of-band mechanism for
exchanging keys.  Sure, you can do the web-of-trust thing, but that
goes only so far.

This is probably good enough (especially for those thoroughly
ingrained in tatemae vs. honne), but it makes me sad.  I don't want a
sharp division between my private and public selves.

Steve