[messaging] Hashing entries in a transparency log

[Mike Hearn]

>
> That is more plausible than it might be as I think that a lot of spam
> filtering is done based on the reputation of the sender.


Sending *domain* not user. No spam filter I'm aware of tries to calculate
inbound reputations on a per user basis.


> Senders using an authenticated encryption system could have their
> reputation more
> tightly determined than is possible at present.


Senders already authenticate their mail streams using DKIM and are expected
to police it. In other words, if a spammer signs up for 100,000 spammy
Gmail accounts and uses them to send a lot of spam, that hurts Gmail's
reputation and can result in their IPs being blocked.

For this reason large ESPs all do outbound spam filtering as well, and
require a fairly high degree of insight into what their users are doing.
E.g. if a major provider generated and published public keys for all their
users then allowed encrypted mail to be sent, this would be bad for their
users (more chance of receiving spam) but perversely also bad for everyone
else, because then they'd find it harder to stop spam being sent *from* their
networks and thus it would hurt their reputation.

The problem of spam filtering and end-to-end encryption is tightly linked,
IMO. I cannot see major webmail providers deploying working E2E crypto at
scale given the way the email network handles abuse, today.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://moderncrypto.org/mail-archive/messaging/attachments/20140904/8d11cd9b/attachment.html>