[e2e] was Re: A message to authors - nsdi

[Sharad Agarwal]

Attempting a re-send since it's been 30 minutes and it still didn't go through... ironic given the subject matter...

-----Original Message-----
From: Sharad Agarwal
Sent: Thursday, January 10, 2008 10:13 AM
To: end2end-interest at postel.org
Subject: RE: [e2e] was Re: A message to authors - nsdi

> I was just looking for the information that I once dug up - I'm
> sure I had it in an email somewhere, but it seems I lost it
> (ah, the irony  :-)   ). Seriously, let's assume that I'm
> wrong and no such message exists: then we could still use
> messages like the message-disposition-notification for the
> ACK from the POP or IMAP server back to my SMTP, and such
> a response would typically be ignored by current automated
> answering systems.

> Also, let's say that you only request that service by including
> a special header - it's not a default method then, but something
> that you choose if you want to be totally sure that the message
> was reliably delivered (like marking an important email with a
> "!" as most current mail clients allow you to do).


But as a spammer, wouldn't I mark all my emails as ! and then I'd get positive confirmation about whether my spam was successful in making it past the spam filter? If successful, I continue using that text to spam; if no confirmation, then it's time to change my text and try again. I suspect this is partly why MDN / DSN messages are not fashionable.

An underlying problem is how to separate legitimate senders from other senders. For legitimate senders, you could allow such an ACK service to be used (or better yet, apply different spam rules); but the traditional way of recognizing legitimate senders by their email address isn't foolproof since the from address can easily be forged. So a better way of doing end2end "authentication" (without using heavyweight key exchange & signing) could help. In SureMail we relied on the user context of an email thread to validate a sender to a receiver in future emails, which works fine in that system but may not be scalable for applying to spam filters.