ietf-asrg

Re: [Asrg] Position paper, in zipped HTML

2003-03-16 20:51:13
In article <33D5B790-577A-11D7-9AED-0003934516A8(_at_)plaidworks(_dot_)com>,
Chuq Von Rospach <chuqui(_at_)plaidworks(_dot_)com> wrote:

> On Saturday, March 15, 2003, at 09:18  PM, Hallam-Baker, Phillip wrote:
>> I think I should be able to opt out once and get off every list.
>
> I like this idea, but I wonder if it's practical.

Considering the number of times it's already failed, including Rodney
Joffe's safeEPS and the Direct Marketing Association's e-MPS, I think
we can safely say that it's not practical.

Technically it's no big deal, the central source compiles its list of
addresses and then sends out hashcodes of all of them every week or
month or whatever.

The problem is one of the crucial differences between postal addresses
and phone numbers on the one hand, and e-mail addresses on the other.
The post office has a master list of every valid postal address in the
U.S., and an outfit called NANPA has a list of every valid NXX-NXX in
North America.  That makes it possible to test in a straightforward
way whether an address or phone number exists and if so whether it's
in the list.

E-mail addresses aren't like that.  There's no master list of e-mail
addresses and there never will be since it's up to the management of
every domain to define the structure of its mailboxes.  What with ISPs
that offer multiple mailboxes, vanity domains, tagged subaddresses,
and fuzzy match LDAP servers, it's common for users to have more than
one address, and some of us have way, way more than one address.  In
my case, I have about a dozen addresses in my primary domain iecc.com,
(various misspellings of my name, plus postmaster, hostmaster,
webmaster and abuse), I'm every address in a bunch of private domains
like johnlevine.com and abuse.net, and I'm postmaster, hostmaster,
webmaster, and abuse at about 150 customer domains.  What's more,
there are hundreds if not thousands of addresses in iecc.com and
gurus.com that have been misscraped over the years and get lots of
spam even though they've never been valid mailboxes.  My situation
is perhaps extreme but it's not unique, and plenty of people at
companies with LDAP mail can be addressed as john.smith, john.q.smith,
john-smith, j.smith, and a whole bunch of other variant addresses.

Are we supposed to enumerate every possible permutation of our addresses
for the convenience of spammers?  Even if we permit domain wildcards
(something the DMA strenuously resists with e-MPS), it's still an
absurd task, and given the reality of dictionary attacks, spammers
will still make up addresses faster than we can opt them out.

See my next message for a per-server opt-out technique that I think
is workable.



_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
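
The hashed opt-out list described in the message above, and the way address variants fall through it, as an added example that is not part of the original post. SHA-256, the lower-casing step, the function names and the example.com / example.net addresses are assumptions made for illustration; the message only says "hashcodes".

```python
import hashlib

def h(value: str) -> str:
    """Hash of a trimmed, lower-cased string (SHA-256 and this
    normalisation are assumptions, not something the post specifies)."""
    return hashlib.sha256(value.strip().lower().encode("utf-8")).hexdigest()

def build_list(opted_out, wildcard_domains=()):
    """What the central source would publish: hashes only, no plaintext."""
    return {
        "addresses": {h(a) for a in opted_out},
        "domains": {h(d) for d in wildcard_domains},
    }

def is_suppressed(published, rcpt: str) -> bool:
    """Mailer-side check: hash the recipient and its domain, then look up."""
    domain = rcpt.rsplit("@", 1)[-1]
    return h(rcpt) in published["addresses"] or h(domain) in published["domains"]

def coverage_gaps(published, rcpts):
    """Recipients that are NOT covered by the published opt-out list."""
    return [r for r in rcpts if not is_suppressed(published, r)]

# Constructed sample data: one person reachable under several spellings,
# plus addresses nobody ever registered anywhere.
VARIANTS = ["john.smith@example.com", "john.q.smith@example.com",
            "john-smith@example.com", "j.smith@example.com"]
UNLISTED = ["jsmith1@example.com", "sales@example.net"]

if __name__ == "__main__":
    # The user opted out exactly one spelling of the address.
    exact = build_list(["john.smith@example.com"])
    print("exact-match list misses:", coverage_gaps(exact, VARIANTS))

    # Domain wildcard added: covers example.com, nothing else.
    wild = build_list(["john.smith@example.com"],
                      wildcard_domains=["example.com"])
    print("with wildcard, still missed:",
          coverage_gaps(wild, VARIANTS + UNLISTED))
```

Because a hash matches only the exact string that was opted out, every variant has to be listed separately, and a domain wildcard helps only for domains whose owner submitted one.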