ietf-asrg

Re: [Asrg] Spooked mail addresses

2004-02-08 10:13:56
Seth Breidbart <sethb(_at_)panix(_dot_)com> wrote:
The glitch is that when the email arrives in my inbox, the from address
is the address of the person sending it, not the publication itself.

 Such messages are forged spam.

False.  There's no forgery if my email address is used at my request.

  Once again for people who haven't been following ASRG over the past
year:  How do I (as the recipient) know your email address was used at
your request?

  If there is a method for me to determine that, great.  Right now,
there isn't.  So such messages are *indistinguishable* from spam.
99.9% of the spam I get is such nonsense.  Legitimate senders I deal
with don't forge mail to me when they're roaming, because they know
it's bad network practice.  Using "ssh" to log in to a home site to
read/send/port-forward mail is trivial.

  In general, the vast majority of legitimate email comes from
well-known and easily traceable sources.  (i.e. traceable with work,
but not currently traceable or accountable through SMTP.)  Email from
this list comes from ietf.org, and as a recipient, I can trivially
check that.  In contrast, the vast majority of spam does NOT come from
well-known sources.  The messages fraudulently claim association with
domains when they have no permission to do so.

  Read the LMAP discussion document.  It talks about this problem in
more detail.

However, the "Sender: " header is appropriate in that situation.

  That's nice.  How can I tell it isn't lying to me?  The answer, of
course, is that I can't.  Spammers use such forged associations to say
things like "Honest, this mail isn't coming from AOL, but we really
truly are sending it at AOL's request.  Now give us your account name
and password..."

  Pretending that untraceable forgeries are a reasonable use of the
email system is a good way to make sure that the spam problem will
never be addressed.

 Is it really that difficult for your local browser to copy the web
page, and send it?

Difficult?  No.  Copyright violation?  Yes.

  If the host of the article sends a copy to your friend, why can't it
give you permission to do so?

Or, to send a URL?

Which won't work for someone else who doesn't have an account there.

  If an account is required, why are you sending them the article?


  I think your last two comments are arguing opposite sides of the same
coin.  You can't have it both ways.

  Alan DeKok.

_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
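
The following is an added example, not part of the original message or of any ASRG/LMAP document. It illustrates the recipient-side point argued above: "From:" and "Sender:" are both sender-supplied claims, and the only corroboration available is something the receiving server established itself. The message, the domain names and the `verified_client_host` input (a client hostname the receiving MTA is assumed to have confirmed on its own) are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: an article forwarded by a publisher's web form,
# with the friend's address in From: and the publisher in Sender:.
SAMPLE = """\
Received: from mail.example.net (mail.example.net [192.0.2.10])
    by mx.recipient.example; Sun, 8 Feb 2004 10:00:00 -0500
From: Friend <friend@isp.example>
Sender: articles@publisher.example
To: me@recipient.example
Subject: An article you might like

Body text.
"""

def domain_of(header_value):
    """Return the lower-cased domain of the address in a header, or None."""
    _, addr = parseaddr(header_value or "")
    if "@" not in addr:
        return None
    return addr.rpartition("@")[2].lower() or None

def host_in_domain(host, domain):
    """True if host is the domain itself or a subdomain (label-aligned match)."""
    host, domain = host.lower().rstrip("."), domain.lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def corroborated_claims(raw_message, verified_client_host):
    """Map each identity header to True/False/None (None = header absent).

    verified_client_host is an assumption of this example: the hostname the
    receiving server itself confirmed for the connecting client. Nothing
    inside the message, Received: lines included, is trusted.
    """
    msg = message_from_string(raw_message)
    result = {}
    for name in ("From", "Sender"):
        dom = domain_of(msg.get(name))
        result[name] = None if dom is None else host_in_domain(verified_client_host, dom)
    return result

if __name__ == "__main__":
    # Same headers, two different connecting hosts: only the second one
    # gives the recipient any basis for believing the Sender: claim.
    print(corroborated_claims(SAMPLE, "mail.example.net"))
    print(corroborated_claims(SAMPLE, "smtp.publisher.example"))
```

With the same headers, the result changes only with the connecting host, which is the one input the message author does not control.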