ietf-asrg
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Asrg] request for review for a non FUSSP proposal

2009-06-24 07:01:01
from [Ian Eiloart] [Permanent Link]
--On 24 June 2009 11:57:19 +0200 Jose-Marcio Martins da Cruz <Jose-Marcio(_dot_)Martins(_at_)mines-paristech(_dot_)fr> wrote: 


Ian Eiloart wrote:



He uses a secretary to filter his email. If only we all had that
resource. Instead, my 12,000 users have me and a bunch of rules that I
maintain.


An automated secretary...


A better example of consent is spamcop. If you want to report a spam
message to them, you can send it to an email address like
submit(_dot_)xxxxxxxxxxxxxxxx(_at_)spam(_dot_)spamcop(_dot_)net where 
xxxxxxxxxxxxxxxx is an
apparently random string. Perhaps it carries some cryptographic
authentication which prevents others from using it, perhaps not, so I've
obfuscated it. I can't remember how I got the string - probably from a
web form - I just keep it in my address book.


Well, you submited my message to spamcop... ;-). Their address was in the
list of recipients...
Sorry - was using my mail client's autocomplete to check the format. Forgot to delete the address <blush>. Actually, the report isn't complete until I confirm it, and spamcop probably won't be able to parse the report because my message to them didn't include your message headers.
Hmm, maybe some address harvester will harvest that address and start spamming spamcop directly, cutting me out of the loop! Perhaps I'd better try to change the address. 




I wonder whether creating a standard just makes the idea easier to
attack through automated means. I have, for example, a mechanism that


That's a good point.


prevents people spoofing local email (ie pretending the sender is in our
domain when the recipient is in our domain). I could have used something
clever, but went for something simple and very easy to attack. However,
it's still working some years later, and has in the meantime kept our
internal email pretty spam free. If someone does attack it, I'll do
something more principled.


You're right. A standard will just work till the moment it will be
cracked. And after that the standard will be droped down and people will
go back to their own home made rules.

Either way, a good point to think when proposing a standard is if people
is open to it. E.g., is spamcop open to replace their consent mechanism
by a standard one ?

JM




--
Ian Eiloart
IT Services, University of Sussex
01273-873148 x3148
For new support requests, see http://www.sussex.ac.uk/its/help/
_______________________________________________
Asrg mailing list
Asrg(_at_)irtf(_dot_)org
http://www.irtf.org/mailman/listinfo/asrg
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Asrg] request for review for a non FUSSP proposal, Jose-Marcio Martins da Cruz
Next by Date:  Re: [Asrg] request for review for a non FUSSP proposal, Seth
Previous by Thread:  Re: [Asrg] request for review for a non FUSSP proposal, Jose-Marcio Martins da Cruz
Next by Thread:  Re: [Asrg] request for review for a non FUSSP proposal, Claudio Telmon
Indexes:  [Date] [Thread] [Top] [All Lists]