Misguided SPAM Filtering techniques
Valdis.Kletnieks at vt.edu
Valdis.Kletnieks at vt.edu
Tue Oct 23 00:44:49 UTC 2007
On Mon, 22 Oct 2007 16:13:52 MDT, Sean Figgins said:
> And, is it really a burden if you SEND me an email to validate yourself? If it
> IS such a burden, then I invite you not to send email to start with, especially
> not to me.
That would be all fine and good - if I was being asked to validate mail that
I actually sent to you. I've seen very few true positives for this, compared
to two *large* classes of false positives:
1) I'm being asked to verify my address because some malware found my address
on a hard drive and stuck it in the From: field. I'm sorry, but if you're
asking me to verify that, it *is* a burden - you are admittedly *starting off*
assuming that it's bad and *needs* some sort of verification. So by definition,
you're imposing on people to validate that they're real.
2) The rest of the time, I'm being asked to verify myself because I posted
to a mailing list, and some idiot failed to whitelist the list address.
Homework question: Does this method scale? What would happen to your inbox
if *everybody* on this list did this sort of thing?
(Bonus points for figuring out what happens when two people who *both* use
this scheme try to exchange email. Hint - my system didn't recognize your
C/R format, and concluded it was an e-mail addressed to me. What happens next?)
> (Please respond only through the list)
This is NANOG. If you wish to hijack the semantics of my REPLY button,
feel free to actually include a Reply-To: field that expresses the semantics
that you desire.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 226 bytes
Desc: not available
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20071022/265a63a2/attachment.sig>
More information about the NANOG
mailing list