OpenID - getting mass take up, anti-spam?

Johannes Ernst at
Fri Jan 6 16:54:22 UTC 2006

I like your thinking because it's quite similar to some of my own  
thoughts ...

Will write some more this afternoon, but in the meantime, have you  
checked out the "authenticated messaging" feature at While  
it currently only supports LID authentication -- OpenID  
authentication is currently being developed -- it's quite similar to  
what you outline. The essence of which is:
  - Senders and receivers of messaging are identified by URL, e-mail  
addresses etc. are never published
  - All sent messages are tied back to the sender's public key and  
thus sender addresses cannot be falsified
  - the code on the receiving end of the message decides what to do  
with it -- you list some of the choices, there are others (like "this  
is from my wife, forward to SMS" vs. "this is from my in-laws, let's  
set the "Ignore" header when forwarding to e-mail ;-))

The biggest issue in all of this is integration with e-mail clients.  
The receiving end is relatively straightforward, but the sending one  
isn't. (Maybe you have some better ideas than I do on this, if so,  
let's hear them!)

You can get the code that runs at from -- PHP,  
Perl and Java -- if you'd like to try out some of these ideas.

On Jan 6, 2006, at 5:49, Mark Cross wrote:

> An idea - feedback required, mad / stupid /possible?
> You log into your OpenID server - go to initiate email to a new person
> You enter the person’s OpenID into the To: field
> Choose your email From: (if your profile knows about multiple email  
> accounts you hold and your OpenID server will confirm as holding)
> Your OpenID server (acting as a consumer) queries the receiver’s  
> OpenID server to see if your OpenID is already on the person’s  
> white list, if not up pops a captcha box
> On correct entry it returns back to your OpenID server the  
> “correct target email address” and ”authorisation key” (the  
> receiver’s OpenId server makes a note of your email address,  
> authorisation key and adds your email address to their white list),  
> your OpenID server also embeds the key into the header of the email  
> which is about to be sent
> The key might be an MD5 of your OpenID plus the receiver’s OpenID  
> plus timestamp plus random number plus a salt (I’m no expert here  
> advice please)
> Your OpenID server also adds the target email address into your  
> address book for you to further manipulate and tag within your  
> OpenID server profile. The receiver likewise now has a new person  
> they can choose to tag within address box
> For the receiver’s end before they check their email, they log into  
> your OpenID server and it also holds your email login details. You  
> can sweep and it validates the emails by reading headers and  
> looking for the authorisation key or white list entry in your  
> profile. (Linked to a blackhole database it offers allow you really  
> clean up your queue before you request your emails with your normal  
> client.)
> At first this would be implemented as a web based system - to get  
> you on the person’s white list, then next time you could use your  
> usual email client. After a time the system would gain popularity  
> and get included in standard email clients
> There will be three types of email, email with no authorisation  
> key, email on your white list, possible spam
> In the corporate world your emails would be scanned for the  
> authorisation keys before they reached your MS Outlook box!
> At a point in time when take up has become universal you can just  
> set your system to automatically delete the possible spam queue -  
> your choice
> After the initial spec the system needs one or two ISPs as sponsors  
> who use SquirrelMail and Horde. Where their email server is able to  
> act as the person’s OpenID server to mark email messages as people  
> log into their accounts
> Grisoft could be approached to create a freeware Exchange plug-in  
> to automatically check incoming email, as they would get a lot of  
> public visibility from such a move
> Next would be to get an OpenSource Windows cleaner which would login  
> to your OpenID server to do the cleaning before you ran Outlook  
> Express or whatever
> After that we would be looking at widespread take up along with  
> address book synchronisation for thick email clients with your  
> OpenID server’s
> up-anti-spam/
> Request for feedback!
> Cheers Mark
> (If this doesn't work because it's in HTML - sorry this is a beta  
> account and I can't figure out how to send plain text...)

Johannes Ernst
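
Added example, not part of the original messages or of any LID/OpenID code: a sketch of the receiver-side key issuing and header check from the quoted proposal, using HMAC-SHA256 with a server-side secret in place of the MD5 concatenation suggested there. The header name `X-Auth-Key`, the `.example` identities, the sample messages and the three result labels are assumptions.

```python
import hashlib, hmac, secrets, time
from email import message_from_string
from email.utils import parseaddr

HEADER = "X-Auth-Key"  # hypothetical header name, not defined in the thread

def _pack(*fields):
    # Length-prefix each field so ("ab", "c") and ("a", "bc") hash differently.
    return b"".join(len(f.encode()).to_bytes(2, "big") + f.encode() for f in fields)

class ReceiverServer:
    """Receiver's identity server: issues a key after the captcha, checks mail later."""
    def __init__(self, receiver_openid):
        self.receiver_openid = receiver_openid
        self.secret = secrets.token_bytes(32)  # never leaves this server
        self.whitelist = {}                    # sender e-mail -> issued key

    def issue_key(self, sender_openid, sender_email):
        # Keyed hash over both identities, a timestamp and a random nonce.
        nonce = secrets.token_hex(16)
        msg = _pack(sender_openid, self.receiver_openid, str(int(time.time())), nonce)
        key = hmac.new(self.secret, msg, hashlib.sha256).hexdigest()
        self.whitelist[sender_email.lower()] = key
        return key

    def classify(self, raw_message):
        msg = message_from_string(raw_message)
        sender = parseaddr(msg.get("From", ""))[1].lower()
        presented = msg.get(HEADER)
        if presented is None:
            return "no-key"
        expected = self.whitelist.get(sender)
        # Constant-time comparison; the key must match the one issued to this sender.
        if expected is not None and hmac.compare_digest(
                expected.encode(), presented.strip().encode("utf-8", "replace")):
            return "whitelisted"
        return "possible-spam"

def demo():
    # Constructed sample messages, not taken from the thread.
    server = ReceiverServer("https://receiver.example/")
    key = server.issue_key("https://sender.example/", "Sender@sender.example")
    def mail(frm, k):
        return f"From: {frm}\n" + (f"{HEADER}: {k}\n" if k else "") + "Subject: hi\n\nbody\n"
    return [server.classify(mail("Sender <sender@sender.example>", key)),
            server.classify(mail("sender@sender.example", None)),
            server.classify(mail("other@spam.example", key)),      # key replayed by another address
            server.classify(mail("sender@sender.example", "0" * 64))]  # guessed key
```

A key carried in a mail header is a bearer token readable by every relay, and the From address it is matched against is itself unauthenticated, which is the gap the public-key binding described in the reply closes.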

More information about the yadis mailing list