
Re: [Asrg] Spooked mail addresses

2004-02-04 10:14:52
On Wed, Feb 04, 2004 at 04:23:38PM +0000, Peter Sergeant wrote:
You make assumptions that weren't in the original posts.

For a reason. See below.

On Wed, Feb 04, 2004 at 11:17:31AM -0500, David Maxwell wrote:
The difference is that the web-based email is not claiming that the mail
is _from_ an identity/entity which it has no claim to. It says 'From:
abc(_at_)hotmail(_dot_)com'

Assuming that I'm using a web-based email system that ties me
inextricably to their email address. I happen to access my email via a
web-system when travelling, where normally I access it through an MUA on

Likewise, sending email from your domain from anywhere on the net is
indistinguishable from spammer behaviour.

You could rectify this by sending mail which is authenticated in some
way - cryptographically, or delivered by a host in the sending domain,
for example. The latter could be accomplished by tunneling to your home
network, or using an authenticated protocol to relay through your home
MTA.

If you're unwilling to accept that additional complexity, then you would
appear to support the continued use of a network infrastructure which
can never minimize spam. If you can prove that there's an
authentication-less way to allow this sort of roaming, while preventing
spam, I'll be shocked and impressed ;-)

my machine - in this case, and in the case where I ask a third party to
send an invite or an article in my name, the software sitting on the
web-server is acting as an MUA. I do not see where the distinction
between 'normal' and web-based MUA lies that makes email originating
from one spam, and not the other.

There isn't, if your MUA does not 'belong' to your domain, in some way.
That is also functionally equivalent to spammer behaviour, and the
reason I chose the hotmail example.

The site offering 'send a friend this link' allows you to type in any
From address, and forges a message from you.

You say 'forges', but isn't this exactly what any MUA does? I can
configure 'mutt' to send email from you - this doesn't mean that
legitimate mail I send from 'mutt' is also by definition spam.

It doesn't mean it's spam, but if there's no way to tell it apart from
spam, then it may as well be spam. Any loophole that permits your
message through will eventually be abused by spammers and become
useless, unless there's some form of authentication involved, which the
spammers cannot forge.

Since there is no technical way for the recipient to verify that you
authorized that message, there is no technical difference between it,
and simple forged spam.

Where does this assumption come from? Many online content providers
these days require you to log in.

That isn't a response to my statement. What is the technical method by
which my MTA can tell that mail 'From: Peter Sergeant', originating at
host 'remailer.nytimes.com' is actually from you?

I made a mistake in my last email
On Wed, Feb 04, 2004 at 11:17:31AM -0500, David Maxwell wrote:
Since there is no technical way for the recipient to verify that you
authorized that message, there is no technical difference between it,
and simple forged spam.

and mis-read this comment.

It's true that there's no technical way for the *recipient* to verify
that you authorized a message. However, I'd say your logic doesn't hold
- by the line of reasoning that says any non-source-verifiable email is
technically equivalent to spam, most of the messages on this list are
also technically equivalent to spam. This does not make them spam.

It makes them as problematic to the receiver as spam.
                            
-- 
David Maxwell, david(_at_)vex(_dot_)net|david(_at_)maxwell(_dot_)net -->
(About an Amiga rendering landscapes) It's not thinking, it's being artistic!
                                              - Jamie Woods
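
An added example, not part of the original post: a receiving MTA's check that a message was delivered by a host the sending domain has authorized, the second option David Maxwell describes. The policy syntax is borrowed from SPF as an assumption (the post names no scheme), and the domains, IP addresses and `POLICIES` table are constructed stand-ins for DNS lookups.

```python
import ipaddress

# Constructed records standing in for DNS TXT lookups. Assumption: SPF-style
# "v=spf1" syntax; the post itself names no specific scheme.
POLICIES = {
    "example.org": "v=spf1 ip4:192.0.2.25 ip4:198.51.100.0/28 -all",
    "example.net": "v=spf1 ip4:203.0.113.7 ~all",
}
RESULTS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def sender_domain(address):
    """Return the lower-cased domain of an address such as user@example.org."""
    local, sep, domain = address.rpartition("@")
    if not (sep and local and domain):
        raise ValueError("not a mail address: %r" % (address,))
    return domain.lower()


def check_host(client_ip, address, policies=POLICIES):
    """Judge the connecting IP against the policy of the sender's domain.

    Returns pass, fail, softfail, neutral, none (no policy published) or
    permerror (unparseable policy). Only ip4: and all are implemented.
    """
    record = policies.get(sender_domain(address))
    if record is None:
        return "none"  # nothing to check against: the status quo in the thread
    terms = record.split()
    if not terms or terms[0] != "v=spf1":
        return "permerror"
    ip = ipaddress.ip_address(client_ip)
    for term in terms[1:]:
        qualifier, mechanism = (term[0], term[1:]) if term[0] in RESULTS else ("+", term)
        if mechanism == "all":
            return RESULTS[qualifier]
        if not mechanism.startswith("ip4:"):
            return "permerror"  # mechanism outside this example's subset
        try:
            network = ipaddress.ip_network(mechanism[4:], strict=False)
        except ValueError:
            return "permerror"
        if ip in network:
            return RESULTS[qualifier]
    return "neutral"  # no mechanism matched and no "all" term
```

A roaming user who relays through the home MTA at 192.0.2.25 gets `pass`; the same sender address arriving from an unlisted third-party host gets `fail`, and a domain that publishes nothing gets `none`, which leaves the receiver where the thread started.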

