[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re[2]: [Asrg] Email passwords

To: asrg at ietf.org
Subject: Re[2]: [Asrg] Email passwords
From: Pete McNeil <madscientist at microneil.com>
Date: Tue, 13 Jul 2004 18:07:25 -0400
In-reply-to: <200407131703.i6DH3xV03080@panix5.panix.com>
List-archive: <http://www1.ietf.org/pipermail/asrg>
List-help: <mailto:asrg-request@ietf.org?subject=help>
List-id: Anti-Spam Research Group - IRTF <asrg.ietf.org>
List-post: <mailto:asrg@ietf.org>
List-subscribe: <https://www1.ietf.org/mailman/listinfo/asrg>, <mailto:asrg-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www1.ietf.org/mailman/listinfo/asrg>, <mailto:asrg-request@ietf.org?subject=unsubscribe>
Organization: MicroNeil Research Corporation
References: <295fa589b03a73e0d8eea9d971b7388a40f3ec74@polyhedra.com> <200407131703.i6DH3xV03080@panix5.panix.com>
Reply-to: Pete McNeil <madscientist at microneil.com>
Sender: asrg-bounces at ietf.org

On Tuesday, July 13, 2004, 1:03:59 PM, Seth wrote:

SB> "Tim Bedding" <tim.bedding at polyhedra.com> wrote:
>> David Wheeler and everyone

>>> It's a trivial approach. Just designate some word/phrase as your
>>> email password. If a message has the email password in the subject
>>> line, rank the message as much less likely to be spam,
>>> or just throw it immediately into your Inbox.
>>
>> This strikes me as similar to the challenge-response schemes
>> that some have placed on their email addresses.

SB> Except: If you have a password, and a spammer forges email from me to
SB> you without the password, I don't get spammed by your C/R
SB> autoresponder.  Since it's a purely passive mechanism, I (as a
SB> potential third-party victim of spammers) have no objection to it.

We've used and recommended this approach for families, clubs, and
church groups etc. PL (Private List) codes we called them. They work
very, very well. If a code gets compromised then a new code can be
broadcast to the group. Anyone outside the group is then - well -
outside the group so they cannot send.

There are places where this mechanism does not work, of course, but
where it does work it is simply amazing. (Kids seem to get a kick out
of sharing secret codes with their friends anyway.)

-- There is no challenge/response here - the authentication is simply
passed forward. You can only join the group by invitation.

So, if you have a child on the 'net you put them behind a filter that
only allows messages that include the password. They can give the
password to their friends (with permission in theory) and it is
presumed that people in the family group will also have the password.
They may even include it in their signatures.

To keep things tidy and interesting the password is changed once a
week or so.

This mechanism virtually guarantees that the child, or even grandma,
will only receive good messages from authorized senders.

_M

PS: PL Codes was also a play on PL tones used in early radio relay
(repeater) systems. Folks who work with amateur radio find this
to be a good analogy for explaining the technique.

_______________________________________________
Asrg mailing list
Asrg at ietf.org
https://www1.ietf.org/mailman/listinfo/asrg

References:
- [Asrg] Email passwords
  - From: Tim Bedding
- Re: [Asrg] Email passwords
  - From: Seth Breidbart

Prev by Date: Re: [Asrg] Email passwords
Next by Date: Re: [Asrg] Re: Email passwords
Previous by thread: Re: [Asrg] Email passwords
Next by thread: RE: [Asrg] Email passwords
Index(es):
- Date
- Thread