<div dir="ltr"><div class="gmail_extra"><div class="gmail_quote"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">That is more plausible than it might be as I think that a lot of spam<br>
filtering is done based on the reputation of the sender. </blockquote><div><br></div><div>Sending <b>domain</b>, not user. No spam filter I'm aware of tries to calculate inbound reputations on a per-user basis.</div><div>
</div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Senders using an authenticated encryption system could have their reputation more<br>
tightly determined than is possible at present.</blockquote><div><br></div><div>Senders already authenticate their mail streams using DKIM and are expected to police it. In other words, if a spammer signs up for 100,000 spammy Gmail accounts and uses them to send a lot of spam, that hurts Gmail's reputation and can result in their IPs being blocked.</div>
<div><br></div><div>For this reason large ESPs all do outbound spam filtering as well, and require a fairly high degree of insight into what their users are doing. E.g. if a major provider generated and published public keys for all their users then allowed encrypted mail to be sent, this would be bad for their users (more chance of receiving spam) but perversely also bad for everyone else, because then they'd find it harder to stop spam being sent <i>from</i> their networks and thus it would hurt their reputation.</div>
<div><br></div><div>The problems of spam filtering and end-to-end encryption are tightly linked, IMO. I cannot see major webmail providers deploying working E2E crypto at scale given the way the email network handles abuse today.</div>
<div><br></div></div></div></div>