ietf-asrg
[Top] [All Lists]

Re: [Asrg] FeedBack loops

2008-11-13 21:32:22

On November 13, 2008 at 20:52 rsk(_at_)gsp(_dot_)org (Rich Kulawiec) wrote:
On Fri, Nov 14, 2008 at 10:02:14AM +1200, Franck Martin wrote:
We were talking about: "when the user click spam, the system does not send 
a spam report but an unsubscribe if the mail contains the right headers 
and the unsubscribe is successful" 

First, there's no way for the web interface to know if the unsubscription
request was successful -- presuming that it's submitted via the address
specified in the RFC 2369 headers.

Is that important? Any unsubscription confirmation email should go
back to the subscriber.

But second, and this is the much larger problem: widespread adoption of
this will almost instantly lead to its mass exploitation by spammers.

How? Maybe I lack imagination, but why is this any more of a problem
than spammers just sending unsub etc requests now?

One would hope the path between a customer clicking a spam complaint
button and the service provider is reasonably reliable. And the unsub
could be verified by the same sort of means it might be verified
today.  For example I might only execute an unsub from AOL if it came
either from a customer who was actually sub'd to the list or from
AOL's feedback loop MTA. I suppose an FBL could also set up some sort
of asymmetric key pair method at setup.

But maybe I'm missing something entirely.

-- 
        -Barry Shein

The World              | bzs(_at_)TheWorld(_dot_)com           | 
http://www.TheWorld.com
Purveyors to the Trade | Voice: 800-THE-WRLD        | Login: Nationwide
Software Tool & Die    | Public Access Internet     | SINCE 1989     *oo*
_______________________________________________
Asrg mailing list
Asrg(_at_)irtf(_dot_)org
https://www.irtf.org/mailman/listinfo/asrg

<Prev in Thread] Current Thread [Next in Thread>