An anonymous reader writes:
Given yesterday's discussion of Goodmail, whose methods look like they are trying to provide a service in the most greedy rather than most effective way, I was wondering — what free (as in beer, not speech, though both would be good) alternatives are there that would prevent spam? Not filters, but more along the lines of protocol changes. I saw some mentioned, and looked at the details, but would be interested in hearing more.
I thought of something that might prove interesting myself, that could work on the existing email layer.
The idea combines email with SSH/SSL. It has the added benefit of encrypting email, but that's not the key point of the concept.
Clients would send/receive email as normal, except there would be a filter between their client and the mail server (similar to the POP/SMTP filter used with SpamBayes). The filter would provide several tasks, effectively doing what Goodmail does, but for free, and with the people you choose.
Sending:
The filter would contain an address book of your associates who use this system. The address book would have three things for each entry: email address, public encryption key, and secret message.
When an outgoing email comes through the filter, it will use the public key and encrypt the secret message + a null byte + the original subject + a null byte + the original body of the email. It will then take the original email header, and place a predefined message in there, as well as a predefined message in the body, attaching the encrypted data after. Finally it would add a tag to the header saying that this scheme was used, and the encryption scheme.
Receiving:
The filter would take incoming mail, and ignore anything that didn't have the tag saying this scheme was used, and simply let it through for the normal spam filter to work on. Anything that did have the tag would be decrypted, the original subject and message placed in the subject/message sections of the email. The trick is, the filter would have your private key and message. If your message wasn't at the start of the email, you could have it simply discard the message, or mark it as spam, etc.
The trick would be transferring the keys in a user-friendly manner; nobody wants to write down an email, and an additional 128 characters, or whatever, for their public keys. I figure web services will pop up, where a person gets an account, and others can go, and submit their key information (upload their public key file) to the friend's account, so that the friend can then download it if he or she wants.
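
The sending and receiving steps described in the post, as an added example that is not part of the original submission. Assumptions: the header name `X-Wrapped-Mail`, the function names and the hash-based message shape are hypothetical, and the payload uses hybrid encryption (RSA-OAEP wraps a fresh AES-256-GCM key) because RSA alone cannot encrypt a full message body.

```ruby
require 'openssl'

OAEP   = OpenSSL::PKey::RSA::PKCS1_OAEP_PADDING
TAG    = 'X-Wrapped-Mail'        # hypothetical header name, not from the post
SCHEME = 'rsa-oaep+aes-256-gcm'  # assumed hybrid scheme
NOTICE = 'Protected message'     # predefined placeholder subject/body text

# Sender: encrypt "secret\0subject\0body" to the recipient's public key.
def wrap(pub, secret, subject, body)
  raise ArgumentError, 'NUL in secret or subject' if (secret + subject).include?("\0")
  aes = OpenSSL::Cipher.new('aes-256-gcm').encrypt
  key = aes.random_key
  nonce = aes.random_iv
  ct = aes.update([secret, subject, body].join("\0")) + aes.final
  [pub.public_encrypt(key, OAEP) + nonce + aes.auth_tag + ct].pack('m0')
end

# Receiver: returns [subject, body], or nil for a bad payload or wrong secret.
def unwrap(priv, secret, text)
  blob = text.unpack1('m0')
  n = priv.n.num_bytes # size of the RSA-wrapped key block
  aes = OpenSSL::Cipher.new('aes-256-gcm').decrypt
  aes.key = priv.private_decrypt(blob.byteslice(0, n), OAEP)
  aes.iv = blob.byteslice(n, 12)
  aes.auth_tag = blob.byteslice(n + 12, 16)
  plain = aes.update(blob.byteslice(n + 28, blob.bytesize)) + aes.final
  got, subject, body = plain.split("\0", 3)
  body && got == secret.b ? [subject, body] : nil
rescue OpenSSL::OpenSSLError, ArgumentError, TypeError
  nil
end

# Outgoing filter: placeholder subject and body, ciphertext attached, tag added.
def outgoing(msg, pub, secret)
  payload = wrap(pub, secret, msg[:headers]['Subject'], msg[:body])
  { headers: msg[:headers].merge('Subject' => NOTICE, TAG => SCHEME),
    body: "#{NOTICE}\n#{payload}" }
end

# Incoming filter: untagged mail passes through to the normal spam filter.
def incoming(msg, priv, secret)
  return [:pass, msg] unless msg[:headers].key?(TAG)
  subject, body = unwrap(priv, secret, msg[:body].lines.last.to_s)
  return [:spam, msg] unless subject
  [:ok, { headers: msg[:headers].merge('Subject' => subject), body: body }]
end
```

Anyone holding the public key can produce a payload that decrypts cleanly, so the secret-message comparison in `unwrap` is the check that separates a chosen associate from a stranger.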