Re: [Asrg] Position paper, in zipped HTML
2003-03-16 14:12:13
And how do people get validate to get access to it securely? Because
if
it's open, you just created a massive, pre-authorized and valid list
of
addresses to suck off and spam. So you have to make it available to
almost anyone (because almost anyone can be a home business with an
e-marketing newsletter), but protect it from spammers who'll happily
agree to whatever you say, suck as many addresses as they can, and
skip
off into the night...
Use a database of SHA1 hashes. You can even maintain exceptions in that
list (again, as sha1 hashes).
So, as a spammer, I still have the ability to verify my addresses as
valid, but can't suck addresses out.
but if I'm the primary target of this, the e-market mass mailer, how
does this work? I have a database of, say, 15 million e-mail addresses.
If someone opts out in this central repository, how is that SHA1 hash
going to get to all of the places it's supposed to be? Are you really
expecting every e-marketer to test its database against the central
server every (how often? week? bi-weekly? daily?) -- how do you scale
this to handle thousands or tens of thousands of sites and their
billions of lookups every week? Does it get pushed out to marketers? if
so, how do you maintain control of it?
How do you build this infrastructure? manage it? pay for it? control
it? secure it? Convince all of the e-marketers to use it? keep the
spammers out of it?
And a key aspect of my original note was lost in this geeky stuff: how
do you set it up in the first place so that users who use it get what
they expect out of it? How do you define what lists ought to be managed
with it and what lists don't so that both sides of the equation (the
subscribers and the subscription managers) understand what is going to
happen? I mean, seriously --- I get the occasional spam report through
spamcop for the double-opt-in mailing list from a user who doesn't
understand filing spam reports isn't how you unsubscribe. I won't even
start with how AOL's set some of their stuff up (we had another user
this week unsubscribed from a list because they'd blocked mail from a
poster on the list, which generated enough bounces to remove them from
the list -- and then they complained about being removed).
one way hashes are the EASY part. Now scale it to the real world.
--
Chuq Von Rospach, Architech
chuqui(_at_)plaidworks(_dot_)com -- http://www.plaidworks.com/chuqui/blog/
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
<Prev in Thread] |
Current Thread |
[Next in Thread>
|
- [Asrg] Position paper, in zipped HTML, Hallam-Baker, Phillip
- RE: [Asrg] Position paper, in zipped HTML, Hallam-Baker, Phillip
- Re: [Asrg] Position paper, in zipped HTML, Chuq Von Rospach
- Re: [Asrg] Position paper, in zipped HTML, Matt Sergeant
- Re: [Asrg] Position paper, in zipped HTML,
Chuq Von Rospach <=
- Re: [Asrg] Position paper, in zipped HTML, Chris Lewis
- Re: [Asrg] Position paper, in zipped HTML, Chuq Von Rospach
- Re: [Asrg] Position paper, in zipped HTML, Chris Lewis
- Re: [Asrg] Position paper, in zipped HTML, Kee Hinckley
- Re: [Asrg] Position paper, in zipped HTML, John R. Levine
- Re: [Asrg] Position paper, in zipped HTML, Valdis . Kletnieks
- Re: [Asrg] Position paper, in zipped HTML, Chris Lewis
- Re: [Asrg] Position paper, in zipped HTML, John R. Levine
- Re: [Asrg] Position paper, in zipped HTML, Chris Lewis
- Re: [Asrg] Position paper, in zipped HTML, Vernon Schryver
|
|
|