ietf-asrg
[Top] [All Lists]

Re: [Asrg] Spooked mail addresses

2004-02-08 12:44:56
Alan DeKok" <aland(_at_)ox(_dot_)org> wrote:
Seth Breidbart <sethb(_at_)panix(_dot_)com> wrote:

 Such messages are forged spam.
False.  There's no forgery if my email address is used at my request.

 Once again for people who haven't been following ASRG over the past
year:  How do I (as the recipient) know your email address was used at
your request?

  If there is a method for me to determine that, great.  Right now,
there isn't.

There isn't for _this_ message (even if I sent it directly to you
rather than just to the list) either.

 So such messages are *indistinguishable* from spam.

Only if you have a rather weak distinguisher.  There are a lot of ways
to distinguish this message from spam, even if there's no way for you
to be sure that I actually wrote it.

 Legitimate senders I deal with don't forge mail to me when they're
roaming, because they know it's bad network practice.

If I use my own email address then it isn't forgery, period.

 In general, the vast majority of legitimate email comes from
well-known and easily traceable sources.

If you want to use that as a distinguishing characteristic, fine.  I'd
claim that The New York Times is a "well-known and easily traceable
source", though.

 In contrast, the vast majority of spam does NOT come from
well-known sources.

Enough of my spam to leave the rest as below a "vast majority" comes
from comcast; is that not a well-known source?

 The messages fraudulently claim association with
domains when they have no permission to do so.

The message actually do come from within comcast's network, despite
lacking permission.

However, the "Sender: " header is appropriate in that situation.

 That's nice.  How can I tell it isn't lying to me?  The answer, of
course, is that I can't.

In general, you can't tell that about any header your machine didn't
add.

 Pretending that untraceable forgeries are a reasonable use of the
email system is a good way to make sure that the spam problem will
never be addressed.

Since when need such messages be "untraceable forgeries"?  (1) They're
easily traced to the sender.  (2) The sender _could_ require some sort
of proof in order to register to send such messages.

Difficult?  No.  Copyright violation?  Yes.
 If the host of the article sends a copy to your friend, why can't it
give you permission to do so?

It apparently chooses not to do so.  Their toys, their copyright,
their rules.

Or, to send a URL?
Which won't work for someone else who doesn't have an account there.

 If an account is required, why are you sending them the article?

Apparently, the NY Times is willing to email articles on my bahelf to
people when I ask it to, though it won't show them the article
directly unless they register.  Their copyright, their business model,
their toys, their rules.

 I think you last two comments are arguing opposite sides of the same
coin.  You can't have it both ways.

They can do what they want.  If you don't like their business model,
that isn't their problem.

Seth

_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg