On 4/30/10 11:24 AM, John Levine wrote:
We need to be precise about what we mean by "trustworthy". Even if I
have "some way to identify trustworthy lists" as you put it above, I
have to be very clear about what I'm actually trusting that list to do.
When I sign up for a list, I trust it to send me mail that I am
willing to receive. Is there any other understanding of mailing
lists that people have?
Perhaps this concern should be viewed in how different email might be
perceived. When people are mislead into believing you recommended some
clever script, they might be tempted to give it a try. Just following
a link could expose recipients to possible zero day exploits. This type
of social engineering is ongoing, where theft of financial information
has risen dramatically in the last two years.
Exploits are regularly found in browser extensions like Adobe Flash,
Acrobat, Java, and Active-X, where many are patched and reported in
comparatively long periods after initial discoveries. Malware taking
advantage of these exploits often becomes modified in less than six
hours. Once a patch is published, it event is often followed by a flood
of more malware, since it educates other writers.
While you may not be concerned, think of financial institutions seeing
people's accounts ransacked. Whether they use their transactional
domain, or some lesser known one, the need for security does not really
change.
-Doug
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html