Hang on a second here, I don't think anyone in the crypto world I'd
seriously worried about an atack which woud allow an attacker to find an
eficient inverse function for sha1 and I they did we would be sooo screwed
every other way it would not be funny.
Technology advances, both in terms of scientific research on cryptography
and just pure computational force power. You can never assume it'll not be
broken...
In reality I was thinking more in terms of trying to add somewhat easily
guessable poison email address to catch those doing dictionary attacks
and using the results improperly.
But Brad is also right, if somebody has 100 million email addresses
gathered from everywhere else and they wanted to clean it up to real
addresses, they would check with this opt-out list of 20million addresses,
there is good bet 99% of those 20million are contained in those 100million
(people would opt-out when they are already receiving too much unwanted
email and their email is already known), that however does not mean there
are no valid email addresses in remaining 80million so spammer would
probably continue to send to all 100million anyway.
But this does expose the problem that if you distribute list and let
email marketing company do all validation on their own, they will get
almost entire list. With cental server, while this is still also possible,
at least the authority providing the service can gather statistics of how
many queries each particulr authorized client is doing and if they see
somebody doing brutal force check of their 100million addresses, they
probably know its not a legit bulk mailer company. With opt-out specific
to each domain, the ability to do central verification is gone so even if
you see somebody doing this kind of check (which is difficult - you only
know statistics for your domain), its unclear if you can have any serious
response to it.
I was thinking we would add boogus email addresses that have already found
their way to the lists...
-----Original Message-----
From: william(_at_)elan(_dot_)net
Sent: Wed Mar 26 14:59:08 2003
To: Kee Hinckley
Cc: Hallam-Baker, Phillip; 'Brad Templeton'; 'Asrg
(asrg(_at_)ietf(_dot_)org)'
Subject: RE: [Asrg] 5b. Opt-Out, 2nd version
We could add to the list addresses that are not actually valid - like
the striker addresses for example.
I think this is called "poison pill" and different pills can be inserted
into lists that are distributed to different parties. Then if unwanted email
appears on this email, that can be used as verification that they
decryppted entire opt-out list.
How would you validate them? And if you don't, why wouldn't some
helpful person do a dictionary attack on the opt-out list in order to
remove everyone.
Similar "poison pill" system can also work for central server that
provides authentication to get opt-out list. In this case you invent some
easily guessable email addresses but not actually use it in any email. If
somebody querries for it and gets opt-out no answer but then there are
unsolicited emails coming to it, you know who did something wrong.
----
William Leibzon
Elan Communications Inc.
william(_at_)elan(_dot_)net
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg