ietf-asrg
[Top] [All Lists]

Re: [Asrg] 5b. Opt-Out, 2nd version

2003-03-26 18:32:15

On Wednesday, March 26, 2003, at 05:11  PM, Brad Templeton wrote:



Secondly, we would want to avoid spammers deliberately spamming all the people
who opted out because they can get a list of all of them.


The seeding idea is interesting.


if we revisit something I mentioned a while ago -- the idea of a "robots.txt" for e-mail, to allow a domain to define usage/consent rules in a standardized way. It's fairly trivial to extend that concept to include traps addresses, ones placed into that file specifically to catch people attempting to harvest and use the concent addresses. And any IP that mails to a trap address gets blackholed for a period of time.

It creates the problem of people using those addresses as an attack mode, but the attacks are fairly limited and can be handled: subscribing trappaddr(_at_)foo(_dot_)com to emarketer(_at_)bar(_dot_)com only gets people in trouble to the degree they try to mail to bar.com, and only to the degree that the trap address becomes known outside of the folks controlling the domain -- and as it becomes known, its usefulness goes away and it should be changed, since the spammers will figure it out and wash it, leaving behind only something useful for the trolls...

this is a fairly common way to trap the web robots that misbehave, it'd be a reasonable way to both extend consent out for email and protect the addresses in the file, since it wouldn't be obvious what addresses are the traps, only that there are traps there. and yes, trap discovery is an issue, but there are ways to deal with that, also.



_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg