ietf-asrg

Re: [Asrg] 5b. Opt-Out, 2nd version

2003-03-26 22:37:42
From: Brad Templeton <brad(_at_)templetons(_dot_)com>

...
Secondly, we would want to avoid spammers deliberately spamming all the people
who opted out because they can get a list of all of them.

The seeding idea is interesting.  It doesn't solve the first problem, your
name will still go on a list that can be made public, but as I said we can
probably survive that, it's just somewhat ironic to have to go public to
protect your privacy.
...

you get spam, you're on their lists, so they can make a list of everybody
on the opt-out list who is on a common spammer's list.

Now why they want to spam it I don't know, possibly for spite.  Only well
hidden overseas spammers would do it, but they would.
...

Why do some spammers currently test 10,000 arbitrary user names at many
domain names to see if they are valid with either Rcpt_To "vrfy" or
trial spam?  Whatever their reasons, wouldn't it be far faster and
easier for them to get the same information using the opt-out system?

Imagine that you are a spammer and do not have a current list of
targets.  What if you test against the opt-out system a list of 10,000
or 1,000,000 user names, starting with "tom", "dick," and "harry," and
continuing with zillions of other names including message-IDs and
other strings, all combined with a few 1000 or 1,000,000 domain names?
That would give you a list of many of the entries in the opt-out list.
If you were a spammer who doesn't believe the opt-out list applies
to your important message, could you use such a list?


Vernon Schryver    vjs(_at_)rhyolite(_dot_)com
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
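
Added example, not part of the original message or of any ASRG proposal: the probing described above, a list of user names combined with a list of domain names, leaves a recognisable cross-product shape in an opt-out lookup log, and this Python code scores each client for it. The log format, client ids, thresholds and function names are assumptions, and the sample entries are constructed.

```python
from collections import defaultdict

# Constructed sample: (client_id, address_queried) lookups against a
# hypothetical opt-out lookup service. Not real log data.
SAMPLE_LOG = (
    [("bulk-7", f"{u}@{d}") for u in ("tom", "dick", "harry", "sales")
     for d in ("example.com", "example.net", "example.org")]
    + [("news-1", a) for a in ("ann@example.com", "raj@example.net",
                               "li.wei@example.org", "omar@example.com",
                               "kate@example.net", "ann.b@example.org")]
)

def enumeration_score(addresses):
    """Return (density, n_locals, n_domains) for one client's lookups.

    density = distinct pairs / (distinct local parts * distinct domains).
    A name dictionary crossed with a domain list gives a density near 1.0;
    a real mailing list rarely repeats a local part across domains.
    """
    pairs = {tuple(a.lower().rsplit("@", 1)) for a in addresses if "@" in a}
    if not pairs:
        return 0.0, 0, 0
    locals_ = {local for local, _ in pairs}
    domains = {domain for _, domain in pairs}
    return len(pairs) / (len(locals_) * len(domains)), len(locals_), len(domains)

def flag_enumerators(log, min_locals=3, min_domains=3, min_density=0.8):
    """Map each client whose lookups look like a names-x-domains sweep
    to its density. Thresholds are sample-sized assumptions."""
    by_client = defaultdict(list)
    for client, address in log:
        by_client[client].append(address)
    flagged = {}
    for client, addresses in by_client.items():
        density, n_locals, n_domains = enumeration_score(addresses)
        if (n_locals >= min_locals and n_domains >= min_domains
                and density >= min_density):
            flagged[client] = round(density, 2)
    return flagged

if __name__ == "__main__":
    print(flag_enumerators(SAMPLE_LOG))
```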