Yeah, I get emails like these too. It would be a lot of work for such a
disposable conversation.
Maybe we should devise a list of spam reducing technology and prioritize it.
My list would read:
0) Receiver Anoniminity
1) Sender verification (see note below)
Note: This should be considered different from a simple RCPT-TO check. While
easily implemented as such, it can be used to validate an address (violating
#0) IMHO RCPT-TO should not ever return an error until after the socket is
closed. Then when it goes to return an unknown mailbox error, it ends up
doing a verify of the From address. This does several things. 1) It will
prevent unnecessary error messages being sent back to a no-good address. 2)
It will slow/prevent address receiver verification.
While on the subject of recipient verification, can we do something about
embedded images in html messages? For the un-initiated: A spammer can assign
a picture (even a 1x1 transparent pixel picture) to a message. Using the
<IMG SRC="foo(_dot_)php?a=jhihn(_at_)yahoo(_dot_)com"> he can cause your client
to load that
image. But that image is a script that quietly submits (and therefore)
verifies your email address before it sends out the image. Can we come up
with a standard that requires all images (any binary content really) to be
embedded? My preferred email client has a check box to "not load remote
images in mail", which works for me, but I fret over people whose clients
aren't so careful.
-----Original Message-----
From: asrg-admin(_at_)ietf(_dot_)org
[mailto:asrg-admin(_at_)ietf(_dot_)org]On Behalf Of Kee
Hinckley
Sent: Thursday, March 13, 2003 1:44 PM
To: Jason Hihn
Cc: Damien Morton; 'ASRG'
Subject: [Asrg] RE: Proxy your address (Was: Random thought)
...
Well, there's the little matter of the software he has to install to
manage all these fake addresses. But no, the complication I assume
Damien was referring to was on the other side. You've made it too
complicated to talk to someone.
I get mail from random strangers that goes: "I liked that article
you wrote." Do you really think they are going to jump through all
of these hoops in order to send me that?
What about the guy who says, "I just tried xxx you wrote, and there's
the bug where it does such and such--here's a fix."
Challenge response systems are extremely annoying to people who are
trying to talk to you. They are so annoying that there is no way a
company would use them on contact email addresses. And as an
individual I wouldn't get lots of messages I'd really like to get.
Ironically, there is one class of people who will wade through a
challenge response system. The people who really want to sell me
something.
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg