Mon, 20 Oct 2003

PGP/GPG For Spam Blocking

The PGP/GPG web-of-trust concept has never caught on enough to actually be useful -- it hasn't reached the critical threshold of users to draw new users to it because of its actual benefits instead of idealized benefits. This is really a failure of marketing and usability.

Spam could be the problem that finally pushes encrypted, signed, web-of-trust oriented email into widespread use. You can filter email based on valid signatures from people you trust. If you get an email from your brother, signed by his key, you can be pretty sure it isn't spam. This is useless right now because basically no one uses digitally signed email. If the new PGP Corp. were to cut a deal with one of the big webmail providers (Hotmail, Yahoo!, AOL, etc.) to provide this type of spam filtering, it might be enough to get critical mass.

Imagine every Hotmail account sending out signed email by default. Imagine every Hotmail user having a one-deep web-of-trust relationship with everyone in their address book. Imagine the spam filters auto-whitelisting signed/trusted messages.

The webmail providers are in the best position to do this as they have complete access to everyone's address books, email, etc. on their web servers. Yahoo! knows who is in your address book at the time the incoming email first hits the web server. They can filter before it even gets past the border SMTP servers. The fact that a very large percentage of email access is now managed by a very few companies makes reaching critical mass in one fell swoop possible now.
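A sketch of the whitelisting decision described above, as an added example that is not part of the original post: it parses the machine-readable status lines GnuPG writes with `--status-fd` and whitelists only when the verified key is the one pinned for the From address. The address book layout, the function names and all sample values are constructed assumptions.

```python
from email.utils import parseaddr

# gpg --status-fd keywords that must veto whitelisting, even if VALIDSIG also appears.
REJECT = {"BADSIG", "ERRSIG", "EXPSIG", "EXPKEYSIG", "REVKEYSIG"}

def signer_fingerprint(status_text):
    """Return the primary-key fingerprint of a fully valid signature, else None."""
    fpr = None
    for line in status_text.splitlines():
        if not line.startswith("[GNUPG:] "):
            continue                      # ignore human-readable gpg output
        fields = line.split()[1:]
        if not fields:
            continue
        keyword, args = fields[0], fields[1:]
        if keyword in REJECT:
            return None
        if keyword == "VALIDSIG" and args:
            # 10th argument is the primary-key fingerprint when gpg supplies it.
            fpr = (args[9] if len(args) >= 10 else args[0]).upper()
    return fpr

def classify(from_header, status_text, address_book):
    """address_book (hypothetical layout): lowercased address -> pinned fingerprint.
    Returns "whitelist", or "filter" to hand the message to the normal spam filter."""
    addr = parseaddr(from_header)[1].lower()
    expected = address_book.get(addr)
    fpr = signer_fingerprint(status_text)
    if fpr is None or expected is None:
        return "filter"
    # A valid signature alone proves nothing: a spammer can sign with their own key.
    return "whitelist" if fpr == expected.upper() else "filter"

# --- constructed sample data (not real keys or real gpg output) ---
BROTHER_FPR = "0123456789ABCDEF0123456789ABCDEF01234567"
SPAMMER_FPR = "FEDCBA9876543210FEDCBA9876543210FEDCBA98"
BOOK = {"brother@example.org": BROTHER_FPR}

def status(fpr, extra=""):
    return (extra + f"[GNUPG:] VALIDSIG {fpr} 2003-10-20 1066608000 0 3 0 17 2 00 {fpr}\n")

GOOD = status(BROTHER_FPR, "[GNUPG:] GOODSIG 89ABCDEF01234567 Brother\n")
SPOOFED = status(SPAMMER_FPR, "[GNUPG:] GOODSIG FEDCBA9876543210 Someone\n")
EXPIRED = status(BROTHER_FPR, "[GNUPG:] EXPKEYSIG 89ABCDEF01234567 Brother\n")
BAD = "[GNUPG:] BADSIG 89ABCDEF01234567 Brother\n"
```

The spoofed case is the one that matters for spam: the signature verifies, but the key is not the one the recipient's address book associates with that sender.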

Maybe I need to call PGP, Yahoo!, or Microsoft and propose it to them -- even if they don't want to hire me to do it I'd be happy if they just did it!

