ietf-asrg

Re: [Asrg] 6. URL "scheme" for whitelisting

2003-03-25 18:00:42
At 6:17 PM -0500 3/25/03, Daniel Feenberg wrote:
> On Tue, 25 Mar 2003, Kee Hinckley wrote:
>
> > At 8:36 AM -0800 3/25/03, Chuq Von Rospach wrote:
> >
> > I would go further.  I think we should have a standard mechanism
> > (akin to mailto:, but probably using a new scheme name) specifically
>
> Is there something in this proposal to prevent spammers from using
> Amazon.com as their return address? Do we assume that mail is securely
> signed? Or does the whitelist include the IP address of the connecting
> system?

Independent issue. The direction I see a number of people moving in this group (and the first productive move I've seen so far :-) is to see if we can specify certain standards that would provide a framework for anti-spam software. The goal is (in my mind at least) that even if people try a number of different solutions, at least there will be some degree of interoperability. I'm not proposing any standard for how whitelisting works. Just that there should be a standard mechanism for a mailing list operator to easily provide the necessary information (via a URL) to your whitelisting software.

That was as far as I got. You've pointed out that of course there are different ways whitelisting could work. Address, domain, IP address, certificate, unique token all come to mind.

Clearly which ones a given vendor provides depends on what they feel like supporting (may the most popular solution win).

So what probably makes sense is to define a scheme (in the technical sense--that thing to the left of the colon) and a set of standard arguments, as well as a mechanism for adding items to the standard.

Completely off the top of my head:

email address (possibly wildcarded--although how you do that without using legal email characters I don't know off hand--need some encoding)
IP range
special token
public key

Those all seem like things that a whitelist system might want to know. And if the client does use one of them, it can ignore it.

Back to your original question. Won't the spammers just start using Amazon's address if they think a substantial number of people have whitelisted it? Yes. That's a fundamental flaw with whitelists. On the other hand, spammers who do this run far more serious legal risks. But the goal of this proposal wasn't to solve the problem with whitelists. I don't even *like* whitelists :-). The goal is simply to make it easier for recipients and senders to use them.
--
Kee Hinckley
http://www.puremessaging.com/        Junk-Free Email Filtering
http://commons.somewhere.com/buzz/   Writings on Technology and Society

I'm not sure which upsets me more: that people are so unwilling to accept
responsibility for their own actions, or that they are so eager to regulate
everyone else's.
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
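
Added example, not part of the original message or of any ASRG draft: a sketch of how a client might consume the kind of whitelisting URL discussed above, skipping arguments it does not support, and how an entry matched on address alone accepts a forged sender while one also bound to an IP range does not. The scheme name `whitelist:`, the argument names `addr`, `iprange` and `token`, the `*` wildcard and the sample URL are all assumptions made for illustration.

```python
import fnmatch
import ipaddress
from urllib.parse import urlsplit, parse_qs

# Hypothetical scheme and argument names; the thread proposes a scheme with
# standard arguments but defines neither.
SCHEME = "whitelist"
SUPPORTED = {"addr", "iprange"}  # this example client ignores token/public key

# Constructed sample URL a list operator might publish (documentation ranges).
SAMPLE = "whitelist:?addr=*@lists.example.org&iprange=192.0.2.0/24&token=abc123"


def parse_entry(url, supported=SUPPORTED):
    """Return the whitelist arguments from `url` that this client supports."""
    parts = urlsplit(url)
    if parts.scheme != SCHEME:
        raise ValueError("not a whitelist URL")
    entry = {}
    for key, values in parse_qs(parts.query).items():
        if key not in supported:
            continue  # unsupported or future argument: skip it, keep the rest
        if len(values) != 1:
            raise ValueError(f"repeated argument: {key}")
        entry[key] = values[0]
    if "iprange" in entry:
        # ip_network() raises ValueError on a malformed range
        entry["iprange"] = ipaddress.ip_network(entry["iprange"])
    if not entry:
        raise ValueError("no usable arguments")
    return entry


def is_whitelisted(entry, sender, peer_ip):
    """True only if every constraint present in the entry holds."""
    if "addr" in entry and not fnmatch.fnmatchcase(
        sender.lower(), entry["addr"].lower()
    ):
        return False
    if "iprange" in entry and ipaddress.ip_address(peer_ip) not in entry["iprange"]:
        return False
    return True


if __name__ == "__main__":
    forged = ("announce@lists.example.org", "203.0.113.9")  # wrong network
    print(is_whitelisted(parse_entry(SAMPLE), *forged))                      # False
    print(is_whitelisted(parse_entry(SAMPLE, supported={"addr"}), *forged))  # True
```
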