[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Asrg] CRI Header

To: ASRG list <asrg@ietf.org>
Subject: Re: [Asrg] CRI Header
From: waltdnes@waltdnes.org
Date: Fri, 13 Jun 2003 17:58:42 -0400
In-reply-to: <5.2.0.9.2.20030612142712.00b53008@std5.imagineis.com>
List-archive: <https://www1.ietf.org/pipermail/asrg/>
List-help: <mailto:asrg-request@ietf.org?subject=help>
List-id: Anti-Spam Research Group - IRTF <asrg.ietf.org>
List-post: <mailto:asrg@ietf.org>
List-subscribe: <https://www1.ietf.org/mailman/listinfo/asrg>,<mailto:asrg-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www1.ietf.org/mailman/listinfo/asrg>,<mailto:asrg-request@ietf.org?subject=unsubscribe>
References: <MBEKIIAKLDHKMLNFJODBOEBEFIAA.eric@purespeed.com> <01C32D56.08AC8FF0.eric@infobro.com> <MBEKIIAKLDHKMLNFJODBOEBEFIAA.eric@purespeed.com> <5.2.0.9.2.20030612142712.00b53008@std5.imagineis.com>
Sender: asrg-admin@ietf.org
User-agent: Mutt/1.4.1i

On Thu, Jun 12, 2003 at 02:32:47PM -0400, Yakov Shafranovich wrote
> At 10:50 PM 6/10/2003 -0400, waltdnes@waltdnes.org wrote:

> >  2) Yes, I realize that the ISP's MTA will have to keep state
> >information regarding the luser's preferences.  However, it comes down
> >to either a) ISP's server doing it (maybe luser enters pre-emptive
> >             whitelist/blocklist via web interface), or
> >          b) luser administering it on his own MUA (Aunt Ethel or your
> >             parents, yeah sure)
> 
> Privacy issues are a big concern here. Keep in mind that in the
> USA, this information can be subpoened by many parties ranging from
> the RIAA seeking copyright pirates to the FBI via the FBIS. Some
> approaches here such as using checksums, one way functions,
> cryptography, etc. are needed.

  Given those powers, I'd subpeona the ISP's logs instead, or at least a
subset generated by grepping for the suspect's email address as the
destination.  Spam Rule #3, or some corollary thereof, applies to
"military intelligence".  They're stupid and incompetent, and think that
the bad guys are too.  Assuming that...
  a) I was a bad guy, and
  b) I'd do something as silly as sending instructions via email
  I could...
  - subscribe to this list
  - whitelist envelope-sender "asrg-admin@ietf.org"
  - tell my co-conspirator to forge "asrg-admin@ietf.org" as the
    envelope-sender when emailing me

  My whitelist would look very innocent, and "military intelligence"
would still have to take a good look at the ISP's logs to figure our
what was going on.  Even simpler, we'd set up as spammers, and *NOT* use
tight whitelists.  Specially coded porno spams that open a dozen browser
windows would also open one which had a porno gif with steganographic
embedded encoding of instructions.

-- 
Walter Dnes <waltdnes@waltdnes.org>
Email users are divided into two classes;
1) Those who have effective spam-blocking
2) Those who wish they did
_______________________________________________
Asrg mailing list
Asrg@ietf.org
https://www1.ietf.org/mailman/listinfo/asrg

Follow-Ups:
- Re: [Asrg] CRI Header
  - From: Yakov Shafranovich

References:
- RE: [Asrg] CRI Header
  - From: Eric Dean
- RE: [Asrg] CRI Header
  - From: Eric D. Williams
- Re: [Asrg] CRI Header
  - From: Yakov Shafranovich

Prev by Date: RE: [Asrg] ASRG IPR policy (was RE: US Spam patents: Partial list)
Next by Date: RE: [Asrg] US Spam patents: Partial list
Previous by thread: Re: [Asrg] CRI Header
Next by thread: Re: [Asrg] CRI Header
Index(es):
- Date
- Thread