ietf-asrg
[Top] [All Lists]

Re: [Asrg] 6. Email Path Verification (hashcash benchmarks)

2003-09-15 00:08:38
At 04:42 AM 9/15/03 +0200, Brad Knowles wrote:
At 2:06 AM +0100 2003/09/15, Jonathan Morton wrote:

 I personally think that nearly all ISPs, especially those with a
 large proportion of newbies, should delete directly-executable
 attachments without question.

      There, I must disagree very strongly.  Plenty of people in this 
world have reason to be mailing attachments around, although I'm 
opposed to their using e-mail as a replacement for proper 
file-transfer technologies for large attachments.

      Yes, I agree that there should be some default controls to make 
this sort of stuff less dangerous, but I am most certainly not 
convinced that they should be deleting directly executable 
attachments unless expressly asked to do so.


Rather than deleting by default, I recommend renaming
executable attachments to something not executable, 
and adding a note explaining what you've done.
(Perhaps also explaining that it's a bad idea to run an executable
you weren't expecting, even if it is from someone you know.)

And if you're going to have an option like that, I also recommend
that it be something the user can turn off.


Scott Nelson <scott(_at_)spamwolf(_dot_)com>



_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg



<Prev in Thread] Current Thread [Next in Thread>
  • Re: [Asrg] 6. Email Path Verification (hashcash benchmarks), Scott Nelson <=