[messaging] Modern anti-spam and E2E crypto

Ben Harris mail at bharr.is
Wed Sep 10 04:18:57 PDT 2014 

On 9 September 2014 05:38, carlo walentiny <cajw1 at web.de> wrote:

> Let's divide all the people on planet
> earth into three sets:
>
> {1} people you know;
>
> {2} people you don't know but who know [something about] you
> which makes them think that you would be interested in getting
> to know them/talk to them about something of mutual interest;
>
> {3} people who don't know you -> some of these write botnets
> that spam you because of an x% chance to make some money.
>
>
If we break it down to 4 sets, you have

1. People you have talked with
2. People that want to start a conversation with you
3. People you have asked for updates from (email subscriptions)
4. The rest is probably spam

As mentioned previously, 1. is easy.

3. Could be giving a password/identifier when subscribing. The mail user
agent can know the current password and add the sender to the whitelist
when the subscription confirmation comes in. The password could be encoded
in the email address, and would be changed frequently so if the password is
leaked spammers can't be added to the whitelist.

I'd like to propose for 2. that the message come with a resume-able proof
of work. For example, a chain of proof of works starting the hash of your
public key and the recipient's. When wanting to start a new conversation
you include a 'gift' of say, 30 seconds of work. The amount is arbitrary
and the recommended level would depend on whether spammers are bothering to
show proof of work. If the mail isn't replied to, the sender can retry with
double the proof.

I think being able to sort the list of unknown senders by the level of
proof isn't perfect, but is a pretty simple idea that solves most of the
problem. (imaging your spam folder sorted like that). It relies on the
spammers not being able to generate the proofs much cheaper than regular
senders. Something like Cuckoo Cycle might work if it's GPU resistance
holds up.

The mail user agent would show in the 'unknown' folder a list of new
senders, sorted by the amount of work put in. The user is then able to look
at the highest priority down.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://moderncrypto.org/mail-archive/messaging/attachments/20140910/2f2cb4bb/attachment.html>

More information about the Messaging mailing list