We could add to the list addresses that are not actually valid - like
the striker addresses for example.
I think this is called "poison pill" and different pills can be inserted
into lists that are distributed to different parties. Then if unwanted email
appears on this email, that can be used as verification that they
decryppted entire opt-out list.
How would you validate them? And if you don't, why wouldn't some
helpful person do a dictionary attack on the opt-out list in order to
remove everyone.
Similar "poison pill" system can also work for central server that
provides authentication to get opt-out list. In this case you invent some
easily guessable email addresses but not actually use it in any email. If
somebody querries for it and gets opt-out no answer but then there are
unsolicited emails coming to it, you know who did something wrong.
----
William Leibzon
Elan Communications Inc.
william(_at_)elan(_dot_)net
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg