ietf-asrg

Re: [Asrg] Turing Test ...

2003-04-03 11:16:52
On Wed, 2 Apr 2003 23:43:27 -0800 Chuq Von Rospach <chuqui(_at_)plaidworks(_dot_)com> wrote:
On Wednesday, April 2, 2003, at 10:18 PM, J C Lawrence wrote:
On Wed, 02 Apr 2003 22:35:17 -0700 Art Pollard <pollarda(_at_)lextek(_dot_)com> wrote:

A properly designed system would have IMHO added you to the
whitelist the moment that the student you mentioned sent you a
message.  If you are good enough to communicate with (i.e., you can
infer that you are not a spammer because he sent you a message) then
you should be automatically whitelisted.

Careful, this is fragile.  My envelope frequently doesn't match my
From:, and in the case of role addresses, the initial To: won't match
my From: or envelope.

If a whitelist were implemented by your mail client, it could access
your address book and automatically adjust your whitelist based on
what's in there. You could, in fact, automatically implement a
greylist, too:

True, but the limitations should be admitted.  For example that doesn't
typically handle role addresses worth a damn.  You mail me at
<list>-owner@ and will get a reply back from claw(_at_)(_dot_)  Then there are the
.forwarding cases we all know and love as list owners.

And that's not mentioning the can of worms on white listing by From:, by
envelope, or by both, and which and when.  FWLIW TMDA takes the approach
of whitelisting by From: and envelope, sending the confirmation request
to the Return-Path -- arguably the safest route, but one I've found
holes in with misconfigured ISPs who, well, let's just say they're
misconfigured.

  Oh yeah, and as regards the utter lack of complaints on whitelisting
  systems being caused by those complaining not getting thru the
  whitelisting system: It may be an excessively convenient logic.  It
  doesn't support itself here.  My role addresses and lists are under
  TMDA, my personal addresses aren't.  For my list populations almost
  nobody ever uses my role addresses as my personal address of
  claw(_at_)kanga(_dot_)nu is too well known and prominent.  Total valid use of
  role addresses related to the lists is on the order of 5 - 8 messages
  per year.  In that line, the commentaries I did receive after applying
  TMDA were all positive, and all sent to my personal
  non-whitelist-protected address.

1) permanent entry in an address book: whitelisted.

2) cached entry in address book: accepted without challenge, flagged.

3) not in address book: challenge/response, held on to by client until
the response is seen or it times out.

There can also be hinting structures, such as mail to
listowner/*-admin/-owner/postmaster/root/etc automagically opens up a
wildcard temp allowance for any address at that domain.  I could also
see header extensions which encode a token in the outbound mail, which
an MUA replying to also quotes in its own headers (alongside
In-Reply-To), thus providing more hinting to the return whitelist.

address book can then be used to implement the blacklist, stuff
automatically thrown out, similar to how OS X's mail.app implements a
junk mail filter.

There are many things which can be done here to improve, but they tend to
be band-aids over a hole, and that should be admitted as a cost, especially
by those of us with an excess of role addresses.

-- 
J C Lawrence                
---------(*)                Satan, oscillate my metallic sonatas. 
claw(_at_)kanga(_dot_)nu               He lived as a devil, eh?           
http://www.kanga.nu/~claw/  Evil is a name of a foeman, as I live.
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
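
An added sketch (not code from this thread or from TMDA) of the three-tier address-book policy and the role-address hint discussed in the message above, showing where a From:/envelope mismatch and a reply from a personal address still fall through to a challenge. Requiring both From: and envelope sender to be known, the class and function names, and the example.* addresses are assumptions made for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Role local parts named in the thread; treated here as hints only.
ROLE_NAMES = {"listowner", "postmaster", "root"}
ROLE_SUFFIXES = ("-admin", "-owner")


def domain_of(addr):
    return addr.rpartition("@")[2]


class SenderPolicy:
    """Hypothetical client-side policy: permanent / cached / unknown."""

    def __init__(self, permanent, cached):
        self.permanent = {a.lower() for a in permanent}
        self.cached = {a.lower() for a in cached}
        self.temp_domains = set()  # wildcard allowances opened by our own mail

    def note_outbound(self, rcpt):
        # Mail we send to a role address opens a temporary allowance
        # for any sender at that domain.
        local, _, domain = rcpt.lower().rpartition("@")
        if local in ROLE_NAMES or local.endswith(ROLE_SUFFIXES):
            self.temp_domains.add(domain)

    def classify(self, raw_message, envelope_from):
        msg = message_from_string(raw_message)
        header_from = parseaddr(msg.get("From", ""))[1].lower()
        # Assumption: both the From: header and the envelope sender must match.
        senders = {header_from, envelope_from.lower()}
        if senders <= self.permanent:
            return "whitelisted"
        if senders <= self.permanent | self.cached:
            return "accepted-flagged"
        if all(domain_of(s) in self.temp_domains for s in senders):
            return "accepted-flagged"
        return "challenge"  # held until the response arrives or it times out


def mail(from_header):
    # Constructed sample message, not taken from the thread.
    return "From: %s\nSubject: test\n\nbody\n" % from_header
```
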