ietf-asrg
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: [Asrg] Introduction and another idea

2003-06-21 10:28:35
from [Kee Hinckley] [Permanent Link] 
At 5:26 PM -0500 6/20/03, gep2(_at_)terabites(_dot_)com wrote:

It's not "useful" to recipients who have no way of dealing with those
attachments.   And those are the folks who you're saying should find them,
unwanted, in their E-mail inboxes just because the sender has this geeky feeling 
that they're somehow "cool".
I typically sign all my email. The only reason I'm not now is because I'm waiting for a new version of the plugin. This has nothing to do with "cool". It has to do with being able to verify what I actually said. Whether the recipient has the necessary software is irrelevant. They have the message, and should it be necessary, they (or anyone else) can verify that it came from me.
But of course the most critical thing here you are missing in Bob's message is the issue of verification. You keep talking about "first time" as though it means something. One of the major issues discussed on this group is the question of how you identify a person. It's something you need to do for whitelisting. And it's something that virtually every proposal on this list depends on to one extent or another. Your proposal depends on it too. If a large number of systems on the internet start depending on whitelisting, then spammers will start seeking out ways of sending you email from addresses that you have probably whitelisted. The whole point of a signature is to attach an unforgeable identity to a message. In fact the most useful time to have that identity nailed down *is* the first time you receive a message. By ruling that out, you have opened a hole in the security of your solution, and the spammers will happily walk right into it if they have nowhere else to go.
(For discussions of how spammers could (and do) find out who you have white-listed, search the archives.) 

--
Kee Hinckley
http://www.messagefire.com/          Anti-Spam Service for your POP Account
http://commons.somewhere.com/buzz/   Writings on Technology and Society

I'm not sure which upsets me more: that people are so unwilling to accept
responsibility for their own actions, or that they are so eager to regulate
everyone else's.

_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Asrg] New proposal for spam blocking: Greylisting, John Morris
Next by Date:  Re: [Asrg] Introduction and another idea, Kee Hinckley
Previous by Thread:  Re: [Asrg] Introduction and another idea, Tony Hansen
Next by Thread:  Re: [Asrg] Introduction and another idea, Vernon Schryver
Indexes:  [Date] [Thread] [Top] [All Lists]