Lyndon Nerenberg wrote:
All of which puts the burden once again -- or 'still' -- on the backs of
the innocent victims. This doesn't solve anything.
I'm probably missing your point. I'm corresponding with person A. I give
him a token he can use to send me messages. He is careless, and has his
system compromised, so a spammer can take that token and use it for
sending me spam. I would feel more a victim of A than a victim of the
spammer. This framework takes the problem at the level of a relationship
between me and somebody who doesn't handle the relationship with proper
care. The system compromise is an accident that is known to happen to
careless people. By using this framework, I can give another opportunity
to A, by informing him of the problem, reprimand him, talk about this
with our friends, invalidate the token and send him another one, or I
can just close the (email) relationship. The same if the token is
directly provided by A to other undesired correspondents. These are
things I cannot do if I just look at spam messages. Also, I can restore
a situation where the information in the hands of the spammer is
useless, and at almost no cost, so I wouldn't say that it doesn't solve
anything.
--
Claudio Telmon
claudio(_at_)telmon(_dot_)org
http://www.telmon.org
_______________________________________________
Asrg mailing list
Asrg(_at_)irtf(_dot_)org
http://www.irtf.org/mailman/listinfo/asrg