ietf-asrg

Re: [Asrg] Lets Fix Mailing Lists

2003-03-08 19:55:08
On Sat, Mar 08, 2003 at 06:18:18PM -0700, Vernon Schryver allegedly wrote:
From: "Hallam-Baker, Phillip" <pbaker(_at_)verisign(_dot_)com>

I completely agree with Phillip that mailing lists need to be
fixed. But to me, fixed means being able to distinguish them from spam
and currently there is no reliable way of doing that. As a
consequence, their bulkiness makes them very vulnerable to a lot of
the spam detection strategies and the need for lots of whitelist guff.

I also include in the "mailing list" category, all of the e-marketers
and e-commerce sites that routinely send communications to their
opt-in customers. A simple example might be ebay sending "out bid"
alerts (I'm pretty sure ebay only send such stuff to people who ask
for it, but it still counts as bulky just because so many people ask
for it).

I also agree that it shouldn't be that hard to "fix" mailing lists so
that bulk detection systems can let legitimate mailing list traffic
through.

But, as Vernon says, doing so doesn't need fancy crypto solutions.


It strikes me that mailing lists could be "fixed" by having MUAs
recognize the confirmation process initiated as part of making a
subscription request to the mailing list.

This could be as simple as a new header field that tells the MUA to
generate a unique token - let's call it a confirmation token - as part
of the confirmation reply. Heck, even the Message-ID might do.

If the mailing list s/w records the confirmation token and then uses
it in all subsequent outbound email to the subscriber, then the MUA
can reliably override any bulk detectors/indicators that might be set
by the ISP/MUA/whatever.

It doesn't strike me as especially hard for a mailing list system to
record the confirmation token along with the email address.

It also doesn't strike me as especially hard for an MUA to track the
confirmation tokens it has generated. After all, most of them track
UIDLs for POP, so they probably have the s/w infrastructure to deal
with this sort of keyed data. The confirmation tokens could also be
algorithmically checked of course, obviating the need for a database.

I'm probably being cavalier about the changes needed, but they might be a
reasonable price to pay to forever exclude mailing lists from bulk
detectors and whitelist management hassles.

Confirmation tokens also get the ISP/service provider out of the loop
of guessing whether permission has really been granted for bulky
traffic.

The one down side is that all mailing lists have to send individual
mails to each recipient and we all know what sort of red flag that is
to some bulls.

I'm not trying to propose this as a specific solution, all I'm trying
to demonstrate is that some of our problems could be fixed with
relatively simple solutions, if it weren't for the huge inertia.


Regards.
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
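
The following Python example is an addition to this archive page, not code from the post or from any mailing list software. It shows one way the "algorithmically checked" confirmation token described above could work without a database. Assumptions: the header name `X-Confirmation-Token`, the use of `List-Id` to identify the list, and HMAC-SHA256 over a secret kept by the MUA.

```python
import hashlib
import hmac
import secrets
from email.message import EmailMessage

# Hypothetical header name: the post only says "a new header field".
TOKEN_HEADER = "X-Confirmation-Token"


def _mac(secret: bytes, nonce: str, subscriber: str, list_id: str) -> str:
    # Bind the token to both the subscriber and the list it was issued to.
    data = "\n".join([nonce, subscriber.lower(), list_id.strip().lower()])
    return hmac.new(secret, data.encode(), hashlib.sha256).hexdigest()[:32]


def make_token(secret: bytes, subscriber: str, list_id: str) -> str:
    """MUA side: token to place in the subscription confirmation reply."""
    nonce = secrets.token_hex(8)
    return f"{nonce}.{_mac(secret, nonce, subscriber, list_id)}"


def is_confirmed_list_mail(secret: bytes, subscriber: str, msg: EmailMessage) -> bool:
    """MUA side: True if the mail carries a token this MUA issued to this list."""
    nonce, sep, mac = str(msg.get(TOKEN_HEADER, "")).strip().partition(".")
    list_id = str(msg.get("List-Id", ""))  # assumption: list names itself here
    if not (sep and nonce and mac and list_id.strip()):
        return False  # no token or no list identity: leave it to the bulk detector
    expected = _mac(secret, nonce, subscriber, list_id)
    return hmac.compare_digest(mac.encode(), expected.encode())


def list_mail(token: str, list_id: str) -> EmailMessage:
    """List side (constructed sample): echo the recorded token on outbound mail."""
    msg = EmailMessage()
    msg["List-Id"] = list_id
    msg[TOKEN_HEADER] = token
    msg.set_content("list traffic")
    return msg


if __name__ == "__main__":
    key = secrets.token_bytes(32)  # kept locally by the MUA, never sent
    me, asrg = "user@example.org", "<asrg.example.org>"  # constructed values
    tok = make_token(key, me, asrg)
    print(is_confirmed_list_mail(key, me, list_mail(tok, asrg)))            # issuing list
    print(is_confirmed_list_mail(key, me, list_mail(tok, "<x.example>")))  # token seen elsewhere
```

The token is a bearer value: it shows that the subscriber asked for this list's mail, not that a given message really came from the list, because both the token and `List-Id` can be copied by anyone who sees them.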