Re: [ietf-smtp] [Shutup] Proposed Charter for the "SMTP Headers Unhealthy To User Privacy" WG (fwd)

2015-12-02 16:51:32
On Wed, Dec 02, 2015 at 03:35:04AM +0000, Ted Lemon wrote:
> This is a stereotype, which very clearly is not grounded in any kind
> of serious, statistically sound survey of real-world users.

Neither is my assertion that the ocean is wet, but everyone with
real-world experience knows it's true.

But if you really must: I suggest setting up an address, subscribing
it to at least a thousand different and topic/location-varied mailing
lists and then pushing all the incoming traffic through a procmail
filter that stashes everything for future analysis.  Then wait
a few years.  Or decades.  My corpus has about 25 years' worth of
traffic and is about 40G, gzip'd.  Message count is around 24M.
You can then, for example, write a script (or find one) that
strips off headers or signature blocks or whatever and tosses
them into a hopper for analysis.

What you will very quickly discover is that users are *deliberately*
handing out far more and far more useful information about themselves
than their mail servers are *incidentally* handing out.  You're fretting
over a tiny breadcrumb when there's a full buffet sitting on the table.

---rsk

p.s. Speaking of real-world users, if I want to know somebody's
(current) IP address, one reliable technique is to get them to click
on a unique link that corresponds to a URL on a web server whose logs
I can access.  Thus if I want Joe Cool to cough up his current
IP address, I can say:

        "Hey, Joe, why dontcha check this out?

        http://www.example.com/stuff-for-joe.html

        Thanks, man."

I can ask Joe to do this via any means available -- email, IM,
IRC, text, etc.  And "Joe", for a value of "Joe" approximating
"darn near everyone", will do it.  (If this were not true, then
phishing, drive-by malware downloads, etc., would not be so
incredibly successful.)  Various methods of encouraging Joe
to comply exist, as noted by Marcus Ranum:

        "There have been numerous interesting studies that indicate that
        a significant percentage of users will trade their password for
        a candy bar, and the Anna Kournikova worm showed us that nearly
        1/2 of humanity will click on anything purporting to contain
        nude pictures of semi-famous females."

(See http://www.ranum.com/security/computer_security/editorials/dumb/)

Like I said above: this is *one* reliable technique: there are many others.
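
The corpus comparison described in the message above (what headers expose incidentally versus what signature blocks state deliberately) is shown here as an added example; it is not code from the original post or its author. It assumes the conventional `-- ` signature delimiter and bracketed IP literals in `Received`/`X-Originating-IP` headers; the sample messages are constructed, and the regexes and function names are illustrative.

```python
import email
import re
from collections import Counter
from email import policy

IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")  # e.g. [192.0.2.10] in trace headers
PHONE_RE = re.compile(r"\+?\d[\d ().-]{7,}\d")        # loose phone-number pattern (assumption)
URL_RE = re.compile(r"https?://\S+")
# Constructed sample messages: documentation addresses, fictional people.
SAMPLES = [
    "Received: from pc7 (pc7.example.net [192.0.2.10]) by mx.example.org; "
    "Wed, 2 Dec 2015 10:00:00 +0000\n"
    "From: alice@example.net\nSubject: hi\n\n"
    "See you there.\n-- \nAlice Example, Acme Corp, Springfield\n"
    "Tel: +1 555 0100 200\nhttp://example.net/~alice\n",
    "Received: from webmail.example.com by mx.example.org; "
    "Wed, 2 Dec 2015 11:00:00 +0000\n"
    "From: bob@example.com\nSubject: re: hi\n\n"
    "Fine by me.\n-- \nBob\nMobile: 555-0199-321\n",
]

def split_signature(body):
    """Split at the last '-- ' delimiter line; the signature may be empty."""
    lines = body.splitlines()
    for i in range(len(lines) - 1, -1, -1):
        if lines[i].rstrip() == "--":   # tolerate a stripped trailing space
            return "\n".join(lines[:i]), "\n".join(lines[i + 1:])
    return body, ""

def analyze(raw):
    """Return (incidental, deliberate) disclosure counts for one raw message."""
    msg = email.message_from_string(raw, policy=policy.default)
    trace = msg.get_all("Received", []) + msg.get_all("X-Originating-IP", [])
    ips = {ip for h in trace for ip in IP_RE.findall(str(h))}
    part = msg.get_body(preferencelist=("plain",))  # None if no text/plain part
    _, sig = split_signature(part.get_content() if part else "")
    return Counter(client_ip=len(ips)), Counter(
        phone=len(PHONE_RE.findall(sig)),
        url=len(URL_RE.findall(sig)),
        sig_lines=sum(1 for ln in sig.splitlines() if ln.strip()),
    )

def tally(messages):
    """The 'hopper': aggregate both kinds of disclosure over a corpus."""
    incidental, deliberate = Counter(), Counter()
    for raw in messages:
        for total, counts in zip((incidental, deliberate), analyze(raw)):
            total.update(counts)
    return incidental, deliberate
```

Pointed at a sample of one's own sent mail, `tally` gives a rough count of what the signature blocks state next to what the trace headers add.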
