Comments: The Phishing Borg - now absorbing IM, spam, viruses, lawyers, courts and you

Will digitally signed email become more popular due to various attacks executed via email?
I still think it's a usability issue, no more.

Posted by Daniel A. Nagy at August 4, 2005 01:47 AM

Not really. The problem is that the use of signed email by itself doesn't help, you have to use the keys intelligently; they already tried this with yahoo or microsoft, I forget which, and the spammers were the only ones who bothered. As predicted.

The only way in which you can tell a spammer is if you use your own information to decide that a particular key is recognised or not. This leaves out people who you have never talked to before, so it is only a partial solution.

Also, trying to get email clients to actually use the crypto is well nigh impossible. All clients are currently locked in the "crypto RFC model" mode which means they do what the original designers thought was best, which is out of date but at least a decade (PGP), more like three decades (PKI). For x.509 it means PKI which is completely spam-friendly and anti-spam-detection.

S/MIME is unusable, and Kmail with GPG is only "slightly usable" because of the amount of use cases they have to work through and hack out. This is why there are so many startups trying to do encrypted email.

Posted by Iang at August 4, 2005 03:17 AM

I totally agree that current solutions for signed email are only marginally usable at best. But signing emails seems to be the only way to whitelist friends.

Distinguishing between never-seen-before people and spam is theoretically impossible, so these emails need to be presented for inspection but marked as potential spam and deleted after a short time if not explicitly whitelisted after having them read.

Posted by Daniel A. Nagy at August 4, 2005 03:16 PM
Post a comment









Remember personal info?






Hit Preview to see your comment.
MT::App::Comments=HASH(0x5556490d6f20) Subroutine MT::Blog::SUPER::site_url redefined at /home/iang/www/fc/cgi-bin/mt/lib/MT/Object.pm line 125.