Why hasn't someone built an email system that only accepts signed payloads?
Email would only be allowed into my inbox if it was signed. Then, layer 2, it would only allow signed emails from senders whose public key I've accepted.
A separate tab would show me all incoming requests to accept public keys (requests to send email).
Now to opt in to a marketing email I first accept their public key. To opt out I delete their public key. Their email now goes to /dev/null.
Senders wouldn't have to re-implement unsub/subscribe, spammers would be /dev/nulled, and we could later add encryption on top of signing as a requirement.
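The routing policy this post describes, as an added example that is not part of the thread: unsigned mail is dropped, validly signed mail from an unknown key becomes a key request, and only accepted keys reach the inbox. Ed25519, the SHA-256 key id, the names `Mailbox`, `signMail` and `keyId`, and remembering deleted keys so their later mail is dropped rather than re-requested are all assumptions.

```javascript
const crypto = require('node:crypto');

// Key id = SHA-256 over the DER-encoded public key (assumed scheme).
function keyId(publicKey) {
  const der = publicKey.export({ type: 'spki', format: 'der' });
  return crypto.createHash('sha256').update(der).digest('hex');
}

// Sender side: sign the body with Ed25519 and attach the public key.
function signMail(body, keyPair) {
  const signature = crypto.sign(null, Buffer.from(body), keyPair.privateKey);
  return { body, signature, publicKey: keyPair.publicKey };
}

class Mailbox {
  constructor() {
    this.accepted = new Map(); // key id -> public key the owner accepted
    this.requests = new Map(); // key id -> public key awaiting a decision
    this.removed = new Set();  // key ids the owner deleted (assumption)
  }

  acceptKey(id) { // opt in: move a requested key to the accepted set
    const key = this.requests.get(id);
    if (!key) return false;
    this.requests.delete(id);
    this.accepted.set(id, key);
    return true;
  }

  deleteKey(id) { // opt out: later mail from this key is dropped
    if (!this.accepted.delete(id)) return false;
    this.removed.add(id);
    return true;
  }

  route(mail) {
    if (!mail.signature || !mail.publicKey) return 'dropped'; // layer 1: unsigned
    let id, valid = false;
    try {
      id = keyId(mail.publicKey);
      valid = crypto.verify(null, Buffer.from(mail.body), mail.publicKey, mail.signature);
    } catch { valid = false; } // malformed key or signature counts as invalid
    if (!valid || this.removed.has(id)) return 'dropped';
    if (this.accepted.has(id)) return 'inbox';             // layer 2: accepted key
    this.requests.set(id, mail.publicKey);                 // body is not delivered
    return 'request';
  }
}
```

A self-attached key only proves the sender holds the matching private key, so the accept step is where the recipient decides whether that key belongs to who it claims to be.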
> Why hasn't someone built an email system that only accepts signed payloads?
Because it requires both parties to play along. Let's say I had such a service and I signed up for an account on GitHub. GitHub would have to implement this and give me a key. OK, maybe they do; but Stack Overflow don't. Then I end up reverting to Gmail or Fastmail.