The priority ratings per sender (i.e. Jane) are privately accessible only to
the recipient (i.e. Ian). Ian can change his rating of Jane, but neither
Jane nor anyone else can see or edit those ratings. Ian does this at a
private web site of the ISP/ASP.
It is true that if someone guesses the GUID, they may be able to hop onboard
someone else's high ratings. Yes, GUIDs are somewhat guessable, since they
are algorithmic based on net ID and other information, but it's unlikely a
spammer would go to that trouble. This method does also support certificate
tagging within the email header, but that hasn't been implemented yet
(besides, that would require a change to the email client).
The most likely way of hacking this is to sniff a non-encrypted email and
then spoof it, but again, we try to use networks that are NOT sniffable by
just anyone!
Did I miss something? How else would a hacker/cracker do this?
-----Original Message-----
From: matthew richards [mailto:matt(_at_)larkinam(_dot_)com]
Sent: Tuesday, March 18, 2003 12:38 PM
To: Dave Lampert
Subject: Re: [Asrg] Gray list: rating of associates
what would prevent a spammer from reverse engineering the
prioritization system and then making hack emails that pretend to be
high priority from friends?
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
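
Added example, not part of the original message or of the system it describes: assuming the GUIDs follow the RFC 4122 version-1 layout (timestamp plus network node ID, one reading of "algorithmic based on net ID"), this Python code shows which fields stay constant across GUIDs from one issuer. Next to it is a keyed per-sender tag that cannot be computed without a recipient-side secret. The sample GUIDs, addresses, secret and function names are constructed for illustration.

```python
import hashlib
import hmac
import uuid

# Constructed sample GUIDs (version-1 layout), as if issued by one host a moment apart.
GUID_A = "3f2a1c00-5a7b-11d7-9c3e-001122334455"
GUID_B = "3f2a1e58-5a7b-11d7-9c3e-001122334455"


def guid_fields(guid):
    """Return the fields anyone holding the GUID can read straight off it."""
    u = uuid.UUID(guid)
    return {
        "version": u.version,
        "node": f"{u.node:012x}",   # network node ID (often a MAC address)
        "time": u.time,             # 60-bit timestamp in 100 ns ticks
        "clock_seq": u.clock_seq,
    }


def shared_fields(a, b):
    """Names of the fields that are identical in two GUIDs."""
    fa, fb = guid_fields(a), guid_fields(b)
    return [name for name in fa if fa[name] == fb[name]]


def issue_tag(secret, recipient, sender):
    """Keyed tag bound to one (recipient, sender) pair; needs the secret to compute."""
    msg = f"{recipient}\x00{sender}".encode()
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()


def verify_tag(secret, recipient, sender, tag):
    """Constant-time check that the tag was issued for this pair."""
    return hmac.compare_digest(issue_tag(secret, recipient, sender), tag)


if __name__ == "__main__":
    print(shared_fields(GUID_A, GUID_B))
    secret = b"constructed-demo-secret"   # hypothetical recipient-side key
    tag = issue_tag(secret, "ian@example.org", "jane@example.org")
    print(verify_tag(secret, "ian@example.org", "jane@example.org", tag))
    print(verify_tag(secret, "ian@example.org", "mallory@example.org", tag))
```

A keyed tag only removes the guessing problem; a tag read off an unencrypted message can still be replayed, which is the sniff-and-spoof case raised in the message.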