At 6:02 PM -0400 4/23/03, Jim Youll wrote:
A writes to B B should be added to
A's whitelist
B does not reject[1] the message from A A should be
added to B's whitelist
The likelihood of spammers capturing a large percentage of all (A,B)
interactions and then generating forged messages to likely (A,B)
pairs is very low, since these are private interactions not seen by
others.
Low, but not non-existent. We've already seen spammers using "close"
email addresses in the from. It's not clear if these were from
mailing list or web-page grabs, or just using addresses in the same
corporate domain. We've also seen trojan's that grab your address
book and spam everyone in it. One assumes they could (if they
haven't already) use that address book for whitelisting spam.
I agree. It's useful. And it works now. But if we drive spammers
into a corner where the only out is using whitelisted addresses I
belive they will still be able to survive. On the other hand.
Driving spammers into forging real addresses makes gives you a wider
array of legal attack options.
--
Kee Hinckley
http://www.messagefire.com/ Junk-Free Email Filtering
http://commons.somewhere.com/buzz/ Writings on Technology and Society
I'm not sure which upsets me more: that people are so unwilling to accept
responsibility for their own actions, or that they are so eager to regulate
everyone else's.
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg