[e2e] was Re: A message to authors - nsdi

[Michael Welzl]

> But as a spammer, wouldn't I mark all my emails as ! and then I'd get
positive confirmation about whether my spam was successful in making it past
the spam filter? If successful, I continue using that text to spam; if no
confirmation, then it's time to change my text and try again. I suspect this
is partly why MDN / DSN messages are not fashionable.

But couldn't that kind of process also be applied now, just with a NACK
(because, being a spammer, I'm the sender and receiver)?
I get some free email accounts and send spam everywhere, and check
(maybe automatically) if it made it - if it didn't, I'll know.

If I'm right about that, then there's no harm in adding an ACK to
email.


> An underlying problem is how to separate legitimate senders from other
senders. For legitimate senders, you could allow such an ACK service to be
used (or better yet, apply different spam rules); but the traditional way of
recognizing legitimate senders by their email address isn't foolproof since
the from address can easily be forged. So a better way of doing end2end
"authentication" (without using heavyweight key exchange & signing) could
help. In SureMail we relied on the user context of an email thread to
validate a sender to a receiver in future emails, which works fine in that
system but may not be scalable for applying to spam filters.

That's not necessary if I'm right in what I say above: if that system
doesn't give spammers a mechanism that they now don't have,
there's probably no point in disallowing its use for certain people.

Cheers,
Michael