Decius wrote:
gr33ndata wrote:
Most of the time I can tell if an email is spam using the sender's email address. I know that email addresses can be forged using open SMTP relays etc. So what I am thinking of is that we can use the PKI (Public Key Infrastructure) combined with the Email Servers in order to differentiate between Spam and Ham.
Organizations as well as ordinary users are supposed to get a Digital Certificate stating that they are not spammers. These certificates can be obtained from the current CAs (Certificate Authorities) such as VeriSign, Thawte, etc. or new entities can be formed for such a purpose. These CAs have to be supervised by some organization to decide if they really give Digital Certificates to non-spammers only or not. Users shall sign their Emails with their own Private Keys and Mail Servers are supposed to accept mails that are signed only.
Essentially that's what's happening, but the process of getting individual users to understand how to sign their emails is a bit involved, so instead people are looking at mail servers. Domain Keys is a proposal for mail servers to digitally sign all of their outbound messages. SPF is a similar proposal but without the need for cryptography. Messages are considered valid if they come from the IP address published in DNS as the mail server for the sending domain.
A number of large mail systems like hotmail, yahoo, and gmail are more likely to flag email that isn't domainkeys or SPF authenticated as spam. If you run your own server you ought to look into doing that too...
Making the server sign the mails is a good idea, however it won't work in public free mails like yahoo, hotmail, gmail, etc. as they will not be able to identify spammers from non-spammers.