Re: [Asrg] 6. Email Path Verification (hashcash benchmarks)

[Scott Nelson <scott@spamwolf.com>]

At 04:42 AM 9/15/03 +0200, Brad Knowles wrote:
>At 2:06 AM +0100 2003/09/15, Jonathan Morton wrote:
>
>>  I personally think that nearly all ISPs, especially those with a
>>  large proportion of newbies, should delete directly-executable
>>  attachments without question.
>
>	There, I must disagree very strongly.  Plenty of people in this 
>world have reason to be mailing attachments around, although I'm 
>opposed to their using e-mail as a replacement for proper 
>file-transfer technologies for large attachments.
>
>	Yes, I agree that there should be some default controls to make 
>this sort of stuff less dangerous, but I am most certainly not 
>convinced that they should be deleting directly executable 
>attachments unless expressly asked to do so.
>

Rather than deleting by default, I recommend renaming
executable attachments to something not executable, 
and adding a note explaining what you've done.
(Perhaps also explaining that it's a bad idea to run an executable
you weren't expecting, even if it is from someone you know.)

And if you're going to have an option like that, I also recommend
that it be something the user can turn off.


Scott Nelson <scott@spamwolf.com>



_______________________________________________
Asrg mailing list
Asrg@ietf.org
https://www1.ietf.org/mailman/listinfo/asrg