Gordon, apropos your scheme: What happens when a zombie sends the
infected's email address and his address book to the spammer, so the
spammer can send spam to the address book 'from' the infected? Any
reason not to expect that to happen if your scheme were to become popular?
With my approach, it makes NOT THE SLIGHTEST DIFFERENCE where the E-mail
address
is actually posted from. The key is:
1) Who the mail is SUPPOSEDLY from;
2) What the recipient EXPECTS mail from that sender to look like.
If the mail doesn't look like it comes from who it claims to come from (i.e.
the
way their mail is trusted to look, and habitually looks) then it's treated as
suspect.
So even if someone finds out who you normally might get mail from, that doesn't
help the spammer in the slightest, UNLESS he sends mail which LOOKS enough
"like" the mail you get from that person.
So, in particular, if you don't get JavaScript or HTML or executable
attachments
or ActiveX from that sender, and have those enabled specifically for that
sender, no worm or virus is STILL going to be able to get anywhere at all by
forging that sender's E-mail address on infectious mail being sent to you.
BTW, no response to my previous post/email? See the difference? Your
statements didn't actually apply to CSV.
Nor, in fact, did CSV apparently apply to what *I* was talking about, either.
:-)
I haven't paid all that much attention to that approach; but of the things
I've
been seeing discussed, I haven't seen *anything* that has anything near the
quick and reliable payback that my concept gives, the ease of installation, and
with the negligible impact that my approach gives for legitimate users.
Gordon Peterson http://personal.terabites.com/
1977-2002 Twenty-fifth anniversary year of Local Area Networking!
Support free and fair US elections! http://stickers.defend-democracy.org
12/19/98: Partisan Republicans scornfully ignore the voters they "represent".
12/09/00: the date the Republican Party took down democracy in America.
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg