Laird Breyer <laird(_at_)lbreyer(_dot_)com> wrote:
On Jan 11 2005, Seth Breidbart wrote:
Laird Breyer <laird(_at_)lbreyer(_dot_)com> wrote:
A way to break ISACS by spamming mailing lists.
It isn't quite that simple, though; if a user of ISACS turns off the
subaddress used by a mailing list, he should unsubscribe and
resubscribe a new subaddress. This puts the work where it belongs, on
the user of ISACS.
I agree. However, the simple act of turning off the address still
automatically send a challenge back to the list address even if the
user unsubscribes and resubscribes afterwards.
Why? How? The challenge doesn't go back unless the list sends to the
turned-off address, so unsubscribing, resubscribing, and then
turning-off would be the preferred order.
So ISACS now has to have a subsystem for dealing specially with
mailing lists, or else the user should bypass ISACS,
unsubscribe/resubscribe *first*,
That's right.
then turn off the subaddress, all of this manually.
Or do the unsubscribe/resubscribe "off to the side".
But in reality, this is no worse than any other whitelisting system
that whitelists mailing lists. If a spammer sends to the list and the
spam gets forwarded, it gets through. BFD.
Of course, it doesn't matter: the spammer will just spam the list
again. So the users of ISACS won't (effectively) unsubscribe from the
list just because it gets spammed, but will decide how to deal with it
the same way everybody does now.
If ISACS users must pre- or post-filter all their mail independently
from the ISACS system, a legitimate question becomes what ISACS brings
to the table in that case.
It's a method of whitelisting, that's all.
Seth
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg