ietf-asrg
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: [Asrg] 5b. Opt-Out, 2nd version

2003-03-26 18:22:20
from [william] [Permanent Link] 
Hang on a second here, I don't think anyone in the crypto world I'd
seriously worried about an atack which woud allow an attacker to find an
eficient inverse function for sha1 and I they did we would be sooo screwed
every other way it would not be funny.

Technology advances, both in terms of scientific research on cryptography
and just pure computational force power. You can never assume it'll not be 
broken... 

In reality I was thinking more in terms of trying to add somewhat easily 
guessable poison email address to catch those doing dictionary attacks 
and using the results improperly.

But Brad is also right, if somebody has 100 million email addresses 
gathered from everywhere else and they wanted to clean it up to real 
addresses, they would check with this opt-out list of 20million addresses, 
there is good bet 99% of those 20million are contained in those 100million
(people would opt-out when they are already receiving too much unwanted 
email and their email is already known), that however does not mean there 
are no valid email addresses in remaining 80million so spammer would 
probably continue to send to all 100million anyway. 

But this does expose the problem that if you distribute list and let 
email marketing company do all validation on their own, they will get 
almost entire list. With cental server, while this is still also possible, 
at least the authority providing the service can gather statistics of how 
many queries each particulr authorized client is doing and if they see 
somebody doing brutal force check of their 100million addresses, they 
probably know its not a legit bulk mailer company. With opt-out specific 
to each domain, the ability to do central verification is gone so even if 
you see somebody doing this kind of check (which is difficult - you only 
know statistics for your domain), its unclear if you can have any serious 
response to it.


I was thinking we would add boogus email addresses that have already found
their way to the lists...


 -----Original Message-----
From:         william(_at_)elan(_dot_)net
Sent: Wed Mar 26 14:59:08 2003
To:   Kee Hinckley
Cc:   Hallam-Baker, Phillip; 'Brad Templeton'; 'Asrg 
(asrg(_at_)ietf(_dot_)org)'
Subject:      RE: [Asrg] 5b. Opt-Out, 2nd version


We could add to the list addresses that are not actually valid - like
the striker addresses for example.


I think this is called "poison pill" and different pills can be inserted 
into lists that are distributed to different parties. Then if unwanted email

appears on this email, that can be used as verification that they 
decryppted entire opt-out list. 
 

How would you validate them?  And if you don't, why wouldn't some 
helpful person do a dictionary attack on the opt-out list in order to 
remove everyone.


Similar "poison pill" system can also work for central server that 
provides authentication to get opt-out list. In this case you invent some 
easily guessable email addresses but not actually use it in any email. If 
somebody querries for it and gets opt-out no answer but then there are 
unsolicited emails coming to it, you know who did something wrong.

----
William Leibzon
Elan Communications Inc. 
william(_at_)elan(_dot_)net


_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: [Asrg] The "problem" from an engineering standpoint, Hallam-Baker, Phillip
Next by Date:  Re: [Asrg] 5b. Opt-Out, 2nd version, Hallam-Baker, Phillip
Previous by Thread:  Re: [Asrg] 5b. Opt-Out, 2nd version, Markus Stumpf
Next by Thread:  Re: [Asrg] 5b. Opt-Out, 2nd version, Hallam-Baker, Phillip
Indexes:  [Date] [Thread] [Top] [All Lists]