--On 22 June 2009 16:31:04 -0600 Lyndon Nerenberg
<lyndon(_at_)orthanc(_dot_)ca> wrote:
On Tue, 2009-06-23 at 00:14 +0200, Claudio Telmon wrote:
These, in turn, can see that spam
arrives with the tokens they provided to the system owner, inform the
system owner about this fact and invalidate the tokens. Once the
system
security is "restored", the spammer is left with useless tokens.
Collected consent-protected addresses are useless without valid
tokens.
All of which puts the burden once again -- or 'still' -- on the backs of
the innocent victims. This doesn't solve anything.
That's the wrong test. The test should not be "does this mechanism place a
burden on the innocent?". All new mechanisms do that.
Instead, you should ask whether the mechanism places a disproportionate
burden on the innocent. The burden should be at least somewhat less than
the burden currently imposed by spammers. That's a much easier test to pass
if you include the burden on sys-admins. However, the burden placed on end
users should not be a cognitive burden - most won't cope.
--
Ian Eiloart
IT Services, University of Sussex
01273-873148 x3148
For new support requests, see http://www.sussex.ac.uk/its/help/
_______________________________________________
Asrg mailing list
Asrg(_at_)irtf(_dot_)org
http://www.irtf.org/mailman/listinfo/asrg