Re: Force encryption or signature of received mails

From: mouss (usebsdfree.fr)
Date: Tue Nov 01 2005 - 12:25:25 CST


Manu wrote:

>Hi,
>
>For some recipients like webmaster, abuse and such public addresses I
>would like to force the mail to be encrypted (or signed). The checking
>would be done at the "before queue" level, to be able to send a message
>telling that the message must be signed (by the sender) or encrypted
>(with the public key of the recipient). Eventually, the message could
>incorporate a URL to a form on a website. Clearly this is mostly to
>avoid SPAM but without deleting these addresses.
>
>And now the question.
>Does this mechanism break some RFC recommendations, or not? Is this a
>common mechanism to avoid SPAM on specific mail?
>
>
you are reinventing challenge-response mechanisms, though without a
bounce; but the sender will get a bounce by his MTA though, so the
annoyance level is the same. some issues:
- this is annoying. if I get any message like that, I'll just add the
recipient to a block list so I don't have to deal with such things.
- very few users know what pgp/smime is. don't ask 'em to install that
software, to generate keys, to retrieve those of other people...

also, doing so for abuse, postmaster and friends will get you out of
the "open" mail system...

and in any case, you can't challenge the empty envelope sender. so if I
get such a challenge, I'll just repost my message with an empty envelope
sender. and if that gets blocked, I'll forget about the whole domain.

There are a lot of anti-spam measures, and some work well (90% to 99% to
more catch rate, with few false FPs)
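
Added example, not part of either poster's message: a Python sketch of the before-queue decision discussed in this thread. The function names, the reply text and the sample messages are constructed for illustration. It inspects MIME structure only (no signature is verified) and accepts the empty envelope sender, which is the gap the reply above points out.

```python
from email import message_from_string

# Assumption: the local parts the policy covers, taken from the thread's examples.
PROTECTED_LOCALPARTS = {"webmaster", "abuse"}

# Constructed sample messages (not real mail).
PLAIN_SAMPLE = ("From: a@example.org\nTo: abuse@example.net\n"
                "Content-Type: text/plain\n\nhello\n")
SIGNED_SAMPLE = ("From: a@example.org\nTo: abuse@example.net\n"
                 "Content-Type: multipart/signed; micalg=pgp-sha1;\n"
                 ' protocol="application/pgp-signature"; boundary="b"\n\n'
                 "--b\nContent-Type: text/plain\n\nhello\n"
                 "--b\nContent-Type: application/pgp-signature\n\n"
                 "(signature placeholder)\n--b--\n")

def crypto_status(raw_message):
    """Classify by structure only: 'signed', 'encrypted' or 'plain'.
    Nothing is verified, so this shows intent to sign, not a valid signature."""
    msg = message_from_string(raw_message)
    ctype = msg.get_content_type()
    if ctype == "multipart/signed":        # RFC 1847 container (PGP/MIME, S/MIME)
        return "signed"
    if ctype == "multipart/encrypted":     # PGP/MIME encrypted
        return "encrypted"
    if ctype in ("application/pkcs7-mime", "application/x-pkcs7-mime"):
        smime_type = (msg.get_param("smime-type") or "").lower()
        return {"signed-data": "signed",
                "enveloped-data": "encrypted"}.get(smime_type, "plain")
    body = "" if msg.is_multipart() else msg.get_payload()
    if "-----BEGIN PGP SIGNED MESSAGE-----" in body:   # inline clear-signed
        return "signed"
    if "-----BEGIN PGP MESSAGE-----" in body:          # inline encrypted
        return "encrypted"
    return "plain"

def before_queue_decision(env_from, env_rcpt, raw_message):
    """Return (smtp_code, text) for one recipient at the before-queue stage."""
    local = env_rcpt.rsplit("@", 1)[0].lower()
    if local not in PROTECTED_LOCALPARTS:
        return (250, "Ok")
    if env_from == "":
        # Null sender <> carries bounces/DSNs and has nobody to notify,
        # so the policy cannot be applied to it.
        return (250, "Ok")
    if crypto_status(raw_message) != "plain":
        return (250, "Ok")
    # Constructed reply text; the URL is a placeholder.
    return (550, "5.7.1 Mail to this address must be signed or encrypted, "
                 "see <URL-PLACEHOLDER>")
```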