On Jan 22, 6:05pm, Michael Kaplan wrote:
}
} Let's assume that over the course of a year Amazon.com emails 10
} million customers. I'll say that 5% of these sub-addresses are
} deactivated without the customers bothering to notify amazon. I'll
} say that it costs Amazon 5 cents to decode a CAPTCHA (fifty times as
} expensive as what I assumed the spammer would have to pay!).
I suspect that all of those estimates are low and will vary based on
the size and type of business, but there's no way to know.
} I'm sure that the software to appropriately process ISACS bounces will
} be distributed freely and aggressively for web mail and email user
} agents.
Perhaps ... once you overcome the chicken-and-egg problem of getting
such a system widely enough deployed to be interesting to OSS developers.
} ** [Malware] is an argument *for*, not against ISACS. All of the
} contacts of the person infected with malware will be able to identify
} the source of the security breach based on the sub-address.
Again, perhaps. This assumes that all contacts have "personalized"
subaddresses.
I expect you to say that this will be true because the correspondent
receives an automatically-generated subaddress in the first contact
between the ISACS user and the correspondent -- but if the correspondent
is also using ISACS, what address was originally used for that first
contact? At least half of the users of the system must begin in the
state where they have either the "Joe^lucky" subaddress or one obtained
from a third party -- or where they have no subaddress at all and must
undertake to update their address book upon challenge.
} I still don't see why bounce spamming is preferable to directly
} spamming users.
Using bizarre HTML encodings to spell out words vertically or diagonally
or to represent pornographic images as ASCII art isn't preferable to
directly displaying the words or images to the user, either, but both
are techniques that spammers have employed. You're postulating a
spam-prevention system and then wondering why spammers would attempt
to circumvent it?
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg