At 8:39 AM -0600 5/26/03, Vernon Schryver wrote:
- that mail from people you don't know and that you want would be
marked with "ADV". Would you really want unexpected and so
unsolicited advertising?
Valid point. I got lost there somewhere.
- that mail senders need to communicate with your whitelist software.
Why? If envelope and headers are not forged, then when you decided
you want blue pills that grow loans from deals4u2buy.org you can
whitelist mail from deals4u2buy.org by pointing and clicking purely
on your own system. At worst you can start watching your logs of
rejected mail and click on a caught sample to whitelist it.
That's not where I want them to communicate. I think we all agree
that we don't want to spend time wading through our spam mailbox to
see if there's anything good. It's better than wading through our
normal inbox to see if anything's good, but not by a lot. So I want
to whitelist *before* I get the email. Which means that I need to
know what address is going to be sending. Imagine all the
complicated instructions some web site has to provide. "We will be
sending you email from this address for the main stuff, and from this
address if there are administrative problems. In order to add these
addresses to your whitelist, if you are using Eudora on the Mac, do
this, if Eudora on the PC, do that. If you are using the third party
whitelisting product xxx, do such and such. If...."
I don't think that's going to work well.
- that Deals4u2buy.org will use N-different addresses. On the
contrary, they'll good reasons to tell you their sender domain name
and to keep it constant.
Domain, sure. But whitelisting by domain is asking for even more
trouble than whitelisting by full address. But if you want to
whitelist by address, you definitely need to deal with more than one.
Even the typical mailing lists uses at least two addresses. (Some
commercial mailings use a different one for each user--since the
bounce information encodes the recipients email address.)
On the other hand, doing whitelisting by address just defers the
inevitable forgery a little longer. So without authenticated sender,
I whitelisting seems doomed. And since virtually every "make a major
change to SMTP" system out there seems to depend on whitelisting as a
transition tool, there's going to be a very interesting race.
- on the other hand, if the envelope or headers are forged, then
the "ADV" tag will also be missing, because a large minority and
Perhaps. That's harder to predict. Spammer behavior is easy.
Follow the money and the direction that gets the most messages
through. Predicting user behavior is harder.
- Why can't people understand ADV tags and whitelisting? I don't recall
encountering anyone who couldn't but who could handle email. Proof
I don't understand ADV tags. Does Amazon have to send me my purchase
receipts with an ADV tag? Does an opt-in list have to use an ADV
tag--or just the people who randomly spam me? I don't know what it
means. And it seems to me that it was you who berated me for trying
to differentiate between different types of content from the same
sender when I tried to differentiate between transactional email and
advertising email. You had some good points. But isn't that what an
ADV tag tries to do? If not, then I don't dare block it.
Whitelists are hard to understand not because of the concept, but
because of the plethora of email addresses that need to be
whitelisted, and because people don't understand how easy forging is.
And on top of that--the plethora of (as yet non-existent... but give
them time) whitelisting interfaces.
- we already have standardized mechanisms for identifying mailing lists.
RFC 2919 is on the standards track.
Okay. But I'm not sure where that ties into this issue.
--
Kee Hinckley
http://www.messagefire.com/ Junk-Free Email Filtering
http://commons.somewhere.com/buzz/ Writings on Technology and Society
I'm not sure which upsets me more: that people are so unwilling to accept
responsibility for their own actions, or that they are so eager to regulate
everyone else's.
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg