ietf-asrg

Re: [Asrg] Economic model is borken. (sic.) Let's fix it

2003-03-07 00:36:22
On Thu, 6 Mar 2003, Kee Hinckley wrote:

> At 3:51 PM -0800 3/6/03, Nate W wrote:
>
>> Sometimes I whitelist the domain beforehand, most times I just check the
>> 'holding pen' folder for a message from the merchant some time later.
>
> The question is not how we do it.  But how someone's grandmother is
> going to do it.  There is no interface.  It's an error-prone and
> manual process.  It also completely fails when a company changes its
> name, or when the primary domain is not the same as the particular
> store you shopped at.

Granted that we aren't our own target market, and it's error-prone and
manual, but IMAP and a good mail client will provide a UI for the holding
pen folder.  From the receiver's point of view, it's just a good filter,
and like most filters you do need to check the hits from time to time, and
definitely when an expected message doesn't make it to your inbox.

> One can certainly imagine standards to deal with this problem.
> Browser plugins, special URLs....
>
> But fundamentally whitelisting fails without authentication.

Fails occasionally, and would be greatly improved without authentication,
but I think it's only a couple good client implementations away from
acceptance by a sizable chunk of the market.  As filters go, it works very
well and requires little maintenance.  

How would you propose using strong authentication for the 'receipt from a
merchant' scenario?  Or would you?

More interestingly, how do you propose adding authentication to email, in
general?

> In fact, I just got one such.  A social engineering PayPal theft
> scam.  Mail from Canada, with a form that submits to Russia, which
> then sends the email to Florida.  Fortunately it fails a trivial
> header check.

Nigerian bank scammers are the only ones to get through my filter so far
(two, maybe three occasions).  I was beginning to think that they were the
only spammers who actually read their responses.

-- 

Nate Waddoups
Redmond WA USA
http://www.natew.com


_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg


