Introduction techniques

From ASRG
Jump to navigationJump to search
The printable version is no longer supported and may have rendering errors. Please update your browser bookmarks and please use the default browser print function instead.

One approach to dealing with spam is to divide senders into known senders, and unknown senders. This replaces the spam problem with the introduction problem, how to allow unknown senders to introduce themselves and become known senders, in a way that admits good senders and excludes bad ones.

Successful division into known/unknown implicitly assumes some sort of sender authentication, since it's trivially defeated if a bad guy can impersonate a known sender. When the known sender who's impersonated is someone who has a financial or other trust relationship with the recipient, the usual term is phishing.

Introduction techniques all share a basic set of shortcomings, notably that there are many legitimate senders who won't complete an introduction process, either out of principle or more typically because the sender is a piece of software that doesn't understand the introduction challenge, that a formerly good sender can turn bad, and that in the presence of weak authentication, introduction challenges can to to parties other than the actual sender.

Retrieved from "https://wiki.asrg.sp.am/index.php?title=Introduction_techniques&oldid=1533"