On Sat, 13 Jan 2001, Ray Dillinger wrote:
> list don't think this is spam?" and yes/no buttons. The
> subscribers just have another little button on their mail
> reader - So it goes Next message, delete, reply, reply all,
> spam.
Well, the totally trivial and stupid thing is for a list reader to
sign a message saying "I think message X is spam" and send it to the list
server. Actually, he doesn't even have to send the message; he can just
send the signature if the message is in some canonical format.
The server can verify the signature, verify the user's ID, increment a
counter, and throw away the signature. When the counter passes a
threshold T, -chomp- the server eats the bond.
The server can even keep the signatures around if it wants to prove to the
luser later that yes, lots of people really did think his message was
spam.
This has at least two problems
1) Identifies the user who says "I think this is spam."
Not a good idea in principle, possibly not a good idea in
practice. A potential solution would be a way for a user
to sign a message in such a way that
* no one can determine which individual public key signed
the message
* yet anyone can determine that the signer's public key
belongs to a specific set of public keys (chosen by the
signer and fixed at signature time to avoid the problem
with "well, remove one public key and try again!")
in this case, the set of eligible list voters.
There's probably some crypto voting paper which solves a problem
much like this. I'm not up on that.
2) Keeping an audit trail so the server can prove that the
majority really did think message X was spam. With this proposal
audit trails consist of up to T signatures, where T is the
threshold used to trigger the spam alert. At like 1K per signature
and many e-mails, this could be sizable.
-David
