Kee Hinckley wrote:
> At 9:07 AM -0500 3/8/03, Eric S. Johansson wrote:
> > problem has been solved with stamps. I know I'm sounding like a
> > broken record (or will very shortly). The model is if you filter for
> > stamps, then a robot can attach a stamp to an auto response and it
> > will get to your inbox. It's
>
> 1. What is the incentive for a company to add a stamp? You initiated
> the transaction, and now you are charging them to communicate with you
> about it. Why won't they just add a disclaimer to the site telling you
> that you should let their stuff through?

Good question. Here are two answers that I usually give. Which works for you?

1) The incentive is to make sure their messages are delivered. In the physical
world, if I call them up on the telephone and order a catalog, they have an
incentive to add postage to make sure I get what I asked for; otherwise they risk
me taking my business elsewhere. So why should it not be the same electronically?

2) Increasingly, antispam filters are taking out legitimate communications from
businesses. The use of a stamp would allow them to bypass the filters without
requiring the recipient to do anything special (i.e. white list, filter exception).

> 2. If they do automatically add a stamp, what keeps me from abusing that
> fact by continuously generating non-paying transactions which require
> responses?

This is a serious risk factor before near full adoption. In a nutshell, the
business would need to be careful about how many messages it was prodded into
generating for a given address. There would need to be some logic put into the
robot to say "hey! I have received over X messages in the past Y hours from
this user. Time to get a human".

Another variant of this would be to create a denial-of-service attack by forging
the From address, so simple logic like the above wouldn't work. A third variant
would be to have a robot hammering on the Web site generating message requests
to random destination addresses.

I accept this is a weak spot, but I believe it can be solved. Using techniques
such as address probes (i.e. does this domain/user exist) and rate analysis
(normal vs. abnormal levels of traffic) can help minimize the impact.

There are some other solutions I'm thinking about, but they aren't well enough
formed for public disclosure.

> (If you've got an FAQ on these things somewhere, feel free to point me
> at it.)

Unfortunately, not yet. Have you read http://harvee.billerica.ma.us/camram/
yet? I want to do an FAQ in a wiki, but I need a wiki for the camram site and I
haven't had the cycles to set it up.
---eric
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
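
The "over X messages in the past Y hours" rule and the rate analysis mentioned in the message above, sketched as an added example (not code from the message or from camram). The class name, the "send"/"human" results and the cap on newly seen addresses are assumptions made for illustration; the second check is there because a per-address count alone does not notice requests spread over forged or random addresses.

```python
from collections import defaultdict, deque

class StampedReplyGate:
    """Decide whether the auto-responder may stamp and send a reply."""

    def __init__(self, max_per_addr, window_secs, max_new_addrs):
        self.max_per_addr = max_per_addr    # the "X messages" threshold
        self.window_secs = window_secs      # the "past Y hours", in seconds
        self.max_new_addrs = max_new_addrs  # assumed cap on newly seen addresses
        self.per_addr = defaultdict(deque)  # address -> request timestamps
        self.new_addrs = deque()            # timestamps of newly seen addresses

    def _expire(self, queue, now):
        # Drop timestamps that have fallen out of the sliding window.
        while queue and now - queue[0] >= self.window_secs:
            queue.popleft()

    def check(self, addr, now):
        """Return "send" or "human" for one reply request at time `now`."""
        history = self.per_addr[addr.strip().lower()]
        self._expire(history, now)
        self._expire(self.new_addrs, now)
        if not history:
            # No request for this address inside the window: it counts
            # toward the site-wide fan-out of distinct destinations.
            self.new_addrs.append(now)
        history.append(now)
        if len(history) > self.max_per_addr:
            return "human"   # one address prodding the robot too often
        if len(self.new_addrs) > self.max_new_addrs:
            return "human"   # abnormal spread over many addresses
        return "send"

def replay(gate, requests):
    """Run constructed (timestamp, address) pairs through the gate."""
    return [gate.check(addr, ts) for ts, addr in requests]

if __name__ == "__main__":
    # Constructed sample traffic, not real data.
    gate = StampedReplyGate(max_per_addr=3, window_secs=3600, max_new_addrs=5)
    same = [(t, "buyer@example.org") for t in (0, 10, 20, 30)]
    print(replay(gate, same))
```
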