On Mon, Mar 10, 2003 at 12:56:05PM -0800, Hallam-Baker, Phillip wrote:
<Some stuff snipped>
The problem with opt-in for anti-spam campaigners is that the spam senders
get a ready made list of people to spam. So the legislative trick to finesse
this is to have an opt-out list that can be used to check to see if someone
has opted out but not to see how to email them.
This requirement is met by a one-way function, as I have previously observed
(and published in a very prior-art sense) in 1995 or so. There are a bunk of
tweaks that can be applied to make processing more efficient but the upshot
is that anyone can check against the list without the list being a source of
spam addresses.
<Some more stuff snipped>
While such a list would not provide email addresses, it would allow email
addresses to be validated.
If I am a spammer in Elbonia with a 1,000,000 email address CD, then I
could submit each address in turn to the Opt-Out list.
Is abc(_at_)example(_dot_)com in the Opt-Out list? Yes
Is def(_at_)example(_dot_)com in the Opt-Out list? No
Is ghi(_at_)example(_dot_)com in the Opt-Out list? Yes
abc(_at_)example(_dot_)com and ghi(_at_)example(_dot_)com must be valid email
addresses, so
I'll send them some spam.
This is why one does not respond to Opt-Out requests in spam; it
validates the email address to the spammer. This system would allow
them to do this automatically.
--
Richard Laysell <ral(_at_)jackdaw(_dot_)org>
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg