Introduction techniques

From ASRG
Jump to: navigation, search

One approach to dealing with spam is to divide senders into known senders, and unknown senders. This replaces the spam problem with the introduction problem, how to allow unknown senders to introduce themselves and become known senders, in a way that admits good senders and excludes bad ones.

Successful division into known/unknown implicitly assumes some sort of sender authentication, since it's trivially defeated if a bad guy can impersonate a known sender. When the known sender who's impersonated is someone who has a financial or other trust relationship with the recipient, the usual term is phishing.

Introduction techniques all share a basic set of shortcomings, notably that there are many legitimate senders who won't complete an introduction process, either out of principle or more typically because the sender is a piece of software that doesn't understand the introduction challenge, that a formerly good sender can turn bad, and that in the presence of weak authentication, introduction challenges can to to parties other than the actual sender.