
Re: [Asrg] Economic model is borken. (sic.) Let's fix it



On Thu, 6 Mar 2003, Kee Hinckley wrote:

> At 3:51 PM -0800 3/6/03, Nate W wrote:
> 
> > Sometimes I whitelist the domain beforehand, most times I just check the
> > 'holding pen' folder for a message from the merchant some time later.
> 
> The question is not how we do it.  But how someone's grandmother is 
> going to do it.  There is no interface.  It's an error-prone and 
> manual process.  It also completely fails when a company changes its 
> name, or when the primary domain is not the same as the particular 
> store you shopped at.

Granted that we aren't our own target market, and it's error-prone and
manual, but IMAP and a good mail client will provide a UI for the holding
pen folder.  From the receiver's point of view, it's just a good filter,
and like most filters you do need to check the hits from time to time, and
definitely when an expected message doesn't make it to your inbox.

> One can certainly imagine standards to deal with this problem. 
> Browser plugins, special URLs....
> 
> But fundamentally whitelisting fails without authentication.

Fails occasionally, and would be greatly improved without authentication,
but I think it's only a couple good client implementations away from
acceptance by a sizable chunk of the market.  As filters go, it works very
well and requires little maintenance.  

How would you propose using strong authentication for the 'receipt from a
merchant' scenario?  Or would you?

More interestingly, how do you propose adding authentication to email, in
general?

> In fact, I just got one such.  A social engineering PayPal theft 
> scam.  Mail from Canada, with a form that submits to Russia, which 
> then sends the email to Florida.  Fortunately it fails a trivial 
> header check.

Nigerian bank scammers are the only ones to get through my filter so far
(two, maybe three occasions).  I was beginning to think that they were the
only spammers who actually read their responses.

-- 

Nate Waddoups
Redmond WA USA
http://www.natew.com

