On Tue, Feb 2, 2010 at 12:01 AM, ram <ram(_at_)netcore(_dot_)co(_dot_)in> wrote:
The MUA must also have proper time outs so as to cut-off malicious fbl urls
And any sort of FBL-via-MUA process should be opt-in, as well.
Checking only for a signature means bad guys signing mail can direct
where the feedback goes when you hit "this is spam." That data could
be misused to confirm email addresses, telling a spammer "we got a
live one" and making the email address worth selling.
Come to think of it, I don't think this should be core MUA
functionality. Even though I work for an ESP and would want the
feedback, I see too much opportunity for abuse. I'd rather see
third-party "report spam" plugins wherein that third party can make
the determination on where and whether or not to route a report. If
that third party doesn't trust or know about the sender, a report
would hopefully not be sent.
Regards,
Al Iverson
_______________________________________________
Asrg mailing list
Asrg(_at_)irtf(_dot_)org
http://www.irtf.org/mailman/listinfo/asrg