[messaging] Modern anti-spam and E2E crypto

carlo walentiny cajw1 at web.de
Mon Sep 8 01:48:11 PDT 2014


Polite strangers don't spam
------------------------------------------------

Trying for "The simplest thing that could possibly work":

- Friends don't spam you.
- You don't converse with spammers.

=> No need for spam filtering for friends and
people whose emails you choose to reply to.

(In the context of an assumed
email-address-spoofing-proof
e2e encrypted email exchange.)

=> Before Stranger is allowed to exchange encrypted emails
with you, he has to perform a "polite handshake" with you
over normal unencrypted email.

This cleartext semi-automated challenge-response exchange
is guarded by your provider's spam filtering.

Just like in the real world, Stranger first
needs to quickly introduce himself and briefly tell
you why he thinks you might want to converse with him.

This handshake is like a "friend-request" (E2E crypto request)
with a human-generated captcha (a "pitch for your attention"
written by the stranger) which you solve/accept by reading and
simply replying to it if convinced.

After successful completion, you assume Stranger is legit
(unlikely to send spam) and authorize him to communicate
with you over an encrypted channel. There's a blacklist if
you change your mind.


I. Example [POLITELY] email handshake:
------------------------------------------------

Stranger wants you to authorize him for e2e encrypted email
and kicks off with a special (see 2/a below) email message:

---Email-1--->
|
| From: Stranger
| To: You
| Subject: [politely] We met at LeWeb 2013
|
| I was wearing a pink dress, we discussed libertarian
| science fiction, you said you hated bitcoin. I promised
| to send you details about project xyz.

<---Email-2---
|
| In-Reply-To: Email-1
| Date: < at least 7 hours after receipt of Email-1 >
| From: You
| To: Stranger
| Subject: Re: [politely] We met at LeWeb 2013
|
| This is an automated reply
| generated by a polite email client,
| on behalf of "from".
|
| "from" has not yet been shown your original email message.
| If the message shown below was not sent by you,
| please excuse and ignore this reply.
|
| Otherwise,
| simply REPLY to this
| to enable "from" to see your original message.
|
| ----- Your Original Message:
|
| I was wearing a pink dress, we discussed libertarian
| science fiction, you said you hated bitcoin. I promised
| to send you details about project xyz.
|
| <anti-spoof-random-string>

---Email-3--->
|
| In-Reply-To: Email-2
| From: Stranger
| To: You
| Subject: Re: Re: [politely] We met at LeWeb 2013
| ...
| <anti-spoof-random-string>

<---Email-4---
|
| In-Reply-To: Email-1 (not Email-3)
| From: You
| To: Stranger
| Subject: Re: We met at LeWeb 2013
|
| Thanks for being polite. Let's do e2e crypto.


II. Details:
------------------------------------------------

Stranger wants you to authorize him for e2e encrypted email.

1/ Stranger sends you Email-1

2/ Your email client intercepts this email and
detects that the subject is prefixed with "[politely]",
which indicates that the sender agrees to execute
the polite challenge-response dance/protocol.

Your email client (any [politely]-enabled client)
MUST NOT & WILL NOT show this email to you just yet
=> Stranger must be 100% certain that he cannot
possibly get your attention until he has proved
ownership of his email address, see 2/c).

Instead:

2/a It checks if the message is a proper [politely] message:

- it must be text-only,
- it should be one paragraph only
- there must be no attachments (no embedded images etc)
- it must have a maximum of +-413 characters (whatever, 627?)
- [and maybe it must not contain any urls -> 99.9% spam-proof?]

If the message fails this check, your client [may reply
with an explanation of why it rejects it before it]
deletes the message.

If the message passes:

2/b. It waits for some random time between 7 and 17 hours
(proper suggestions welcome, this is to force Stranger to
prove control over his email address for "long enough", maybe
you can configure your email client to your liking, 5 seconds
should do for the first 100 million e2e users...)
before...

2/c. ...it replies with the auto-generated "challenge" Email-2
to figure out if Stranger did not spoof his address, and
to force him to monitor it for "long enough".

3/ Stranger receives Email-2 and simply hits reply to it (Email-3).

4/ Your email client intercepts Email-3, checks its validity,
and deletes it.

4/a If Email-3 is faked (no anti-spoof-random-string): abort.

Instead of the anti-spoof-random-string, a simple check
for In-Reply-To: Email-2 would do, provided Stranger's
client does generate this header and message-ids are
reasonable.

4/b Otherwise, your client WILL FINALLY SHOW you Email-1.

(possibly only in your client's spam folder if either the original
or the just-deleted one were classified as spam by your provider).
Your email client might show you a separate twitter-like
"stream" of "fully opened" one-paragraph [politely] requests
which you can process very fast whenever you have a minute.

5/ If you have the time to read and like Stranger's pitch,
simply reply to him (your client could simply let you tap
the pitch in the twitter-like stream to send an auto-generated
reply).

Your reply will cause your email client to whitelist Stranger
for e2e crypto.

From now on your client accepts e2e emails from Stranger.

If Stranger starts sending stuff you consider SPAM after
decryption, "blacklist" him.
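As an added illustration (not code from the post or from any existing client), the following Python sketch runs steps 2/a through 5 of the handshake above: the 2/a format checks, the Email-2 challenge carrying a random anti-spoof string, the 4/a abort on a reply that does not echo it, the 4/b reveal of Email-1, and the step-5 whitelist with the blacklist override. The `anti-spoof-token:` marker, the example addresses and the 413-character cap are assumptions; the 7-17 hour delay of 2/b is left to the caller.

```python
import email, re, secrets

MAX_CHARS = 413                 # the post's tentative cap for the one-paragraph pitch
URL_RE = re.compile(r"https?://|www\.", re.I)

def is_polite_request(msg):
    """Step 2/a: [politely] subject, text-only, no attachments, one paragraph, size cap, no URLs."""
    if not (msg["Subject"] or "").startswith("[politely]"):
        return False
    if msg.is_multipart() or msg.get_content_type() != "text/plain":
        return False                          # attachments / embedded images rejected
    body = msg.get_payload().strip()
    return len(body) <= MAX_CHARS and "\n\n" not in body and not URL_RE.search(body)

class PoliteClient:
    def __init__(self):
        self.pending = {}                     # anti-spoof token -> held Email-1
        self.stream = []                      # pitches finally shown to the user (4/b)
        self.whitelist, self.blacklist = set(), set()

    def receive_request(self, msg):
        """Steps 1-2/c: hold Email-1 and build the Email-2 challenge with a random token."""
        if not is_polite_request(msg):
            return None                       # rejected and deleted, never reaches the user
        token = secrets.token_urlsafe(16)     # the post's <anti-spoof-random-string>
        self.pending[token] = msg
        return {"To": msg["From"], "Subject": "Re: " + msg["Subject"],
                "Body": "Simply REPLY to this ...\n\nanti-spoof-token:" + token}

    def receive_reply(self, reply):
        """Steps 3-4: Email-3 must echo the token; anything else is dropped (4/a)."""
        m = re.search(r"anti-spoof-token:(\S+)", reply.get_payload())
        original = self.pending.pop(m.group(1), None) if m else None
        if original is None:
            return False                      # spoofed, guessed or stale reply
        self.stream.append(original)          # 4/b: only now is Email-1 shown
        return True

    def user_replies(self, sender):           # step 5: your reply whitelists Stranger
        self.whitelist.add(sender); self.blacklist.discard(sender)

    def accepts_e2e_from(self, sender):
        return sender in self.whitelist and sender not in self.blacklist

# Constructed sample exchange (not from the post): Email-1, a genuine Email-3 and a faked one.
EMAIL_1 = email.message_from_string("From: stranger@example.net\nSubject: [politely] We met at LeWeb 2013\n\nWe discussed libertarian science fiction.\n")
client = PoliteClient()
challenge = client.receive_request(EMAIL_1)
email_3 = email.message_from_string("From: stranger@example.net\n\n> " + challenge["Body"] + "\n")
faked_3 = email.message_from_string("From: stranger@example.net\n\n> anti-spoof-token:guess\n")
```

Note that the token is single-use: once Email-1 has been released to the stream, a replayed Email-3 is dropped like any other invalid reply.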


III. Hand-waving:
------------------------------------------------

This is really meant as a general "politely requesting
your attention" protocol which can be used by anyone
using a normal email client to communicate with someone
using a "polite" email client.

If it is used to authorize e2e, Stranger would probably
use an e2e enabled client which would automate some
of the steps for him above.

Also, some kind of DH key exchange could be piggy-backed
on top of the handshake so that by Email-4 (or Email-3)
both sides are ready to go dark. Automated MITM detection
would be insanely great.


IV. Will it work?
------------------------------------------------

And if it does work, would it work even without the provider's
spam filters?

[Mike Hearn:] are there reasonable restrictions on the
format of the "pitch for attention" email (2/a) which
[coupled with a long enough delay before Email-2 is sent]
would make any kind of spam filtering needless because it
would disgust spammers enough not to be polite?


-carlo