Re: [Asrg] Email passwords

[John Levine <asrg at johnlevine.com>]

Email passwords sound to me like an inferior version of channelized or
per-user addresses, like zoemail.com and reflexion.net offer.

Reflexion associates each correspondent with a unique subaddress, e.g.
fred.xyz at example.com.  Their software does the address management
automatically.  If mail comes from an address to its known subaddress,
it's delivered directly.  Whenever you write to a new address, it
makes up a new subaddress and puts it on the outgoing mail.  If they
get mail to your main address from an unknown correspondent, they send
back a sort of a challenge saying "Fred's address has changed and is
now fred.pdq at example.com", to tell the correspondent to use the
appropriate subaddress.  I'm not sure what they do for cases where you
enter your address in a web form when you're buying something and
can't exactly predict where the confirmation mail will come from.

Zoemail does something similar, but without associating particular
correspondents with subaddresses.

Embedding the password in the address avoids all sorts of problems
with correspondents who (not unreasonably) don't feel like managing
your passwords for you separately.

Regards,
John Levine, johnl at taugh.com, Taughannock Networks, Trumansburg NY
http://www.taugh.com



_______________________________________________
Asrg mailing list
Asrg at ietf.org
https://www1.ietf.org/mailman/listinfo/asrg