ietf-asrg
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: [Asrg] C/R - What people say

2003-05-15 15:19:10
from [Daniel Feenberg] [Permanent Link] 



On Thu, 15 May 2003, Vernon Schryver wrote:



What is the real goal a C/R system?  I thought it had something to do
with reducing "spam."  How does spam differ from any other bulk mail
except in whether it is solicited?

As I've pointed out, a substantal amount of the unsolicited bulk
mail in my traps has headers just like mail from other "lists"
including this one.

If a C/R system only stops spam from transient, "hit-and-run" systems
that do not stand still long enough to receive and answer a challenge,
it won't be very impressive.



I was hoping someone would bring this up. I didn't because it seemed like
I was missing something. Did I also miss the discussion of how two C/R
systems would interact if both sender and receiver have them? This must
have come up in real life - do the users of these systems have experience
to relate? 

I would have thought the role of standardization in the C/R system would
not be to standardize the challenge, which needs to be non-standardized so
that automated systems can't respond effectively, but rather to provide an
effective route around the C/R system for legitimate lists. 

For example, if a program running on the user's machine could handle the
subscription request, and simultaneously put the necessary information
about the list in the user's own whitelist, that would be helpfull.
Standardization would be usefull to allow a single program on the user's
machine to interact with many different list processors. I imagine a
program that would be called by the browser when the user visited a
list-subscribe web page that would send the list the user's email address,
and obtain and store the list name and IP address from which that list
will be sent. There should also be a way for the sending IP to be changed
with limited or no user intervention.

I note that a secure Java applet can't be asked to write in the whitelist
file (that wouldn't be secure) so that the program imagined here would
have to be part of the user's computer before the list-subscription page
was visited. The IP address of the sending machine is used so that a
spammer can't just adopt the name of a popular list and hide behind it.
There must be many other ways to accomplish that, though.



_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  [Asrg] News Article - FTC targeting open relays, Yakov Shafranovich
Next by Date:  RE: [Asrg] C/R - What people say, Yakov Shafranovich
Previous by Thread:  RE: [Asrg] C/R - What people say, Vernon Schryver
Next by Thread:  RE: [Asrg] C/R - What people say, Yakov Shafranovich
Indexes:  [Date] [Thread] [Top] [All Lists]