
Re: [Asrg] CRI Header

2003-06-13 20:54:04
On Thu, Jun 12, 2003 at 02:32:47PM -0400, Yakov Shafranovich wrote:
At 10:50 PM 6/10/2003 -0400, waltdnes(_at_)waltdnes(_dot_)org wrote:

 2) Yes, I realize that the ISP's MTA will have to keep state
information regarding the luser's preferences.  However, it comes down
to either a) ISP's server doing it (maybe luser enters pre-emptive
            whitelist/blocklist via web interface), or
         b) luser administering it on his own MUA (Aunt Ethel or your
            parents, yeah sure)

Privacy issues are a big concern here. Keep in mind that in the
USA, this information can be subpoenaed by many parties ranging from
the RIAA seeking copyright pirates to the FBI via the FBIS. Some
approaches here such as using checksums, one way functions,
cryptography, etc. are needed.

  Given those powers, I'd subpoena the ISP's logs instead, or at least a
subset generated by grepping for the suspect's email address as the
destination.  Spam Rule #3, or some corollary thereof, applies to
"military intelligence".  They're stupid and incompetent, and think that
the bad guys are too.  Assuming that...
  a) I was a bad guy, and
  b) I'd do something as silly as sending instructions via email
  I could...
  - subscribe to this list
  - whitelist envelope-sender "asrg-admin(_at_)ietf(_dot_)org"
  - tell my co-conspirator to forge "asrg-admin(_at_)ietf(_dot_)org" as the
    envelope-sender when emailing me

  My whitelist would look very innocent, and "military intelligence"
would still have to take a good look at the ISP's logs to figure out
what was going on.  Even simpler, we'd set up as spammers, and *NOT* use
tight whitelists.  Specially coded porno spams that open a dozen browser
windows would also open one which had a porno gif with steganographic
embedded encoding of instructions.

-- 
Walter Dnes <waltdnes(_at_)waltdnes(_dot_)org>
Email users are divided into two classes;
1) Those who have effective spam-blocking
2) Those who wish they did
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg


