ietf-asrg
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Asrg] Mailing list signup handshakes

2008-11-30 13:10:44
from [Rich Kulawiec] [Permanent Link] 
On Sun, Nov 30, 2008 at 07:16:33AM -0800, Michael Thomas wrote:

And it's certainly not their problem that the UI designers maintain
their procrustean stance that their users are the ones who are wrong,
stupid, unreliable, etc, etc.


I agree with the general idea that UI presentations could be improved.

I think increased use of RFC 2369 headers and their corresponding
presentation would help; I've also considered the possibility of
making MUAs aware of proper opt-in signups (say, via RFC 2142 -request
addresses, which all all mailing lists should support), as it would leave
open the door for the MUA's to decline to present a "report as spam"
button while viewing any message on that list and instead present a
"request unsubscription" button (using the RFC 2369 headers) instead.
(Why do this in the MUA?  Because it's MUA behavior that needs to
be affected, and it needs to be affected even when the MUA is running
on a system that's not Internet-connected at the moment.)

I'm not at all sure that's much help, but I think we should at least
encourage compliance with RFC 2369 and RFC 2142 anyway, among others,
because (a) there's no downside and (b) it *might* help.

But:

Users have proven that they are, w.r.t. spam,  all those things
you've enumated above.  Why do you think phishing is so marvelously
successful and lucrative, for example?  Why do you think (as I've reported
elsewhere) I've seen a 100.000% false positive rate on nearly 5 years of
AOL feedback loop reports?  Why do you think that spyware (even in the
absence of drive-by downloads) is such a problem?  Why do you think that
monitoring of *outbound* mail traffic at most sites reveals a steady
stream of replies/"unsubscribes" to spammer domains, after we've spent a
decade telling people not to do that?

And arguably, this is not their fault.  Users are simply trying to get
things done, and should not be expected to be experts on spam or firewall
configuration or malware techniques or anything else like that.

---Rsk
_______________________________________________
Asrg mailing list
Asrg(_at_)irtf(_dot_)org
https://www.irtf.org/mailman/listinfo/asrg
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Asrg] The fundamental misconception about paying for mail [postage], Chris Lewis
Next by Date:  [Asrg] Whack-a-mole (was Re: The fundamental misconception about paying for mail), Bart Schaefer
Previous by Thread:  Re: [Asrg] Mailing list signup handshakes, Michael Thomas
Next by Thread:  Re: [Asrg] Mailing list signup handshakes, Michael Thomas
Indexes:  [Date] [Thread] [Top] [All Lists]