On Tuesday, March 25, 2003, at 06:13 AM, Kee Hinckley wrote:
Why is not clear to me is a) how anyone expects your typical user to
whitelist commercial addresses and mailing lists in advance
I think there has to be a responsibility here for the commercial sender
to help the user figure this out. In fact, it's one of the issues I'm
mulling over in revamping system documentation on my lists and other
things. we're now seeing enough challenges that we have to find a way
to help users figure this out. (FWIW, we don't respond to challenges.
We've talked it over and decided if the user hasn't whitelisted us, we
shouldn't validate from the outside. we ring the bell, we don't turn
the knob. To me, the risks of validating a whitelist and upsetting
someone are a lot worse than the risks of someone under a whitelist
expecting to get a subscription and no realizing why it's not
happening.)
We're probably going to add language explaining whitelisting issues to
our stuff down the road, since t seems like whitelists are starting to
be used fairly widely and I expect that trend to continue.
1 User sends email to asrg-request(_at_)ietf(_dot_)org?subject=subscribe
2 Think quick. What address should you whitelist? asrg(_at_)ietf(_dot_)org?
asrg-request(_at_)ietf(_dot_)org? Nope. asrg-admin(_at_)ietf(_dot_)org(_dot_) And you knew that
because...?
Because I read the FAQ, and it told me.
And if you start sending challenges to those--Amazon's going to see
them as bounces and dump me.
Of course we could just whitelist all of amazon.com. But I rather
suspect the spammers might figure that one out.
So amazon has to figure out whitelists, too, and help people understand
what addresses things will come from. With a foot on both sides of this
cashm, I really feel the sender of this mail shouldn't put the burden
of responsibility on the user here. They need to help them out.
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg