ietf-asrg

Re: [Asrg] Position paper, in zipped HTML

2003-03-16 14:12:13
And how do people get validated to get access to it securely? Because if it's open, you just created a massive, pre-authorized and valid list of
addresses to suck off and spam. So you have to make it available to
almost anyone (because almost anyone can be a home business with an
e-marketing newsletter), but protect it from spammers who'll happily
agree to whatever you say, suck as many addresses as they can, and skip
off into the night...

Use a database of SHA1 hashes. You can even maintain exceptions in that
list (again, as sha1 hashes).


So, as a spammer, I still have the ability to verify my addresses as valid, but can't suck addresses out.

But if I'm the primary target of this, the e-market mass mailer, how does this work? I have a database of, say, 15 million e-mail addresses. If someone opts out in this central repository, how is that SHA1 hash going to get to all of the places it's supposed to be? Are you really expecting every e-marketer to test its database against the central server every (how often? week? bi-weekly? daily?) -- how do you scale this to handle thousands or tens of thousands of sites and their billions of lookups every week? Does it get pushed out to marketers? If so, how do you maintain control of it?

How do you build this infrastructure? manage it? pay for it? control it? secure it? Convince all of the e-marketers to use it? keep the spammers out of it?

And a key aspect of my original note was lost in this geeky stuff: how do you set it up in the first place so that users who use it get what they expect out of it? How do you define what lists ought to be managed with it and what lists don't so that both sides of the equation (the subscribers and the subscription managers) understand what is going to happen? I mean, seriously --- I get the occasional spam report through spamcop for the double-opt-in mailing list from a user who doesn't understand filing spam reports isn't how you unsubscribe. I won't even start with how AOL's set some of their stuff up (we had another user this week unsubscribed from a list because they'd blocked mail from a poster on the list, which generated enough bounces to remove them from the list -- and then they complained about being removed).

One-way hashes are the EASY part. Now scale it to the real world.


--
Chuq Von Rospach, Architech
chuqui(_at_)plaidworks(_dot_)com -- http://www.plaidworks.com/chuqui/blog/


_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
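
The SHA1 lookup discussed in this message, shown as an added example that is not part of the original thread or any ASRG proposal: a marketer scrubs its own list against a published set of digests. The function names, the sample addresses and the trim-and-lowercase canonical form are assumptions made for illustration.

```python
import hashlib


def normalize(addr: str) -> str:
    # Assumption: the repository and every marketer agree on one canonical
    # form before hashing. Without that, the same mailbox written as
    # "Bob@Example.org " and "bob@example.org" yields two unrelated digests
    # and the opt-out silently fails to match.
    return addr.strip().lower()


def digest(addr: str) -> str:
    return hashlib.sha1(normalize(addr).encode("utf-8")).hexdigest()


def build_optout_db(addresses):
    """What the central repository would publish: digests only, no addresses."""
    return {digest(a) for a in addresses}


def scrub(mailing_list, optout_db):
    """Split a marketer's own list into (keep, suppress)."""
    keep, suppress = [], []
    for addr in mailing_list:
        (suppress if digest(addr) in optout_db else keep).append(addr)
    return keep, suppress


# Constructed sample data.
OPTED_OUT = ["alice@example.com", "Bob@Example.org "]
MARKETER_LIST = ["ALICE@example.com", "carol@example.net", "bob@example.org"]


def demo():
    db = build_optout_db(OPTED_OUT)
    keep, suppress = scrub(MARKETER_LIST, db)
    # The published set holds only 40-character hex digests, so nothing in it
    # can be read back as an address.
    readable = [entry for entry in db if "@" in entry]
    # "suppress" is also a confirmation that those addresses are registered:
    # the membership test the reply says remains available to anyone who
    # already holds the address.
    return db, keep, suppress, readable


if __name__ == "__main__":
    db, keep, suppress, readable = demo()
    print("published digests:", sorted(db))
    print("keep:", keep)
    print("suppress:", suppress)
```
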