ietf-asrg

RE: [Asrg] Washington Post: Earthlink to Deploy a Challenge-Response System for Fighting Spam

2003-05-08 06:56:08
The onslaught of 'spam' to attempt circumvention of these types of controls 
appears to have started.  Perhaps in this case the 'spammers' have shown their 
hand a bit too early.

As of the wee hours of this morning my systems have started to receive messages 
with the following headers (in droves):

Subject: My new e-mail address
Subject: Confirmation Message [QJUS78434jdls938-90]
Subject: To reach me you need to reply to my new e-mail
Subject: My new e-mail system

All of these include the standard Reply-to headers where the recipient address 
'disappears' after n DSNs.  Additionally, the messages' content From headers are 
forged from mostly guess who, and yes, the Received from headers are also displaying 
'earthlink.com' as well.  Anyone else seeing this?

One more thing.  I believe on this note there was a reply that predicted this 
type of response to the introduction by an ISP of a C/R system.  It appears we 
definitely have the 'brain power' to anticipate the methods of adaptability 
'spammers' will display and that should be leveraged to evaluate proposals.  If 
that can be successfully categorized into an 'adaptability' taxonomy it would 
be of, I think, great use.

-e


On Wednesday, May 07, 2003 1:26 PM, John Fenley [SMTP:pontifier(_at_)hotmail(_dot_)com] wrote:
From: Jim Littlefield <little(_at_)abaqus(_dot_)com>

...and every EarthLink subscriber to a mailing list will stop receiving
their list mail because the list server software/administrator boots them.

Sorry if this has been talked about...Massive traffic has prevented my
following the list closely.

The last panel at the forum seemed to point to the importance of
opt-in/opt-out, and ensuring that the wanted mail goes through. Mailing
lists are opt-in, and a solution that takes care of these things would solve
the problems associated with Challenge/Response.

Any whitelisting strategy is prone to spoofing, but if authentication
strategies were used then spoofing wouldn't be a problem, but opt-ins would
still be.

So this is what I see. 3 independent, unrelated, separately upgradable,
etc.. layers to stem the tide:

1 An authentication layer to ensure you know who is sending.
2 A responsibly developed Challenge/Response system not prone to the simple
fault mentioned in this list.
3 A method of allowing the user to opt-in, and out of any and all automated
mailings.

I went to the FTC forum, and my expectations of choicelist changed. But I do
see it as a viable #3, an essential part of a complete system.

Nobody had talked much about opt-in/opt-out issues on this list, but they
were a major part of the forum. Solving this will be important. I humbly
re-propose choicelist as a way of managing opt-in/opt-out status...not as an
ultimate answer as it is proposed, but as a starting point to something
better.

User interface: www.choicelist.com
back end: www.pontifier.com/database.html

John Fenley


_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg