Misguided SPAM Filtering techniques

• Previous message (by thread): Misguided SPAM Filtering techniques
• Next message (by thread): Misguided SPAM Filtering techniques
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Valdis.Kletnieks at vt.edu wrote:
> 1) I'm being asked to verify my address because some malware found my address
> on a hard drive and stuck it in the From: field.  I'm sorry, but if you're
> asking me to verify that, it *is* a burden - you are admittedly *starting off*
> assuming that it's bad and *needs* some sort of verification.  So by definition,
> you're imposing on people to validate that they're real.

Why would you care to validate your email address then?  If you didn't 
send the email, and was not expecting an email from me, then why would 
you even bother to read, let alone validate?

> 2) The rest of the time, I'm being asked to verify myself because I posted
> to a mailing list, and some idiot failed to whitelist the list address.

Yes, except for two things:  First YOU should not get a challenge to and 
email that was sent by you through the list.  If you are, then this is 
just inexcusable on the part of the software developer or admin. 
Second, you should only get a challenge if you "reply to all" and send a 
copy of the same email to someone directly.

> Homework question:  Does this method scale?  What would happen to your inbox
> if *everybody* on this list did this sort of thing?

Absolutely nothing, assuming that the the list members have a clue on 
how the software works and should be configured.  If they don't white 
list the mailing list, then they are idiots that have no excuse, and 
quite frankly will be unsubscribed from the list due to excessive 
bounces.  And if people followed good protocol and trimmed their 
headers, then there really is no good reason why anyone would get a 
challenge to an email that they sent to the list.

And as it is, if everyone had a c/r system, I imagine that everyone 
would get either white listed or validated here pretty quickly.

> (Bonus points for figuring out what happens when two people who *both* use
> this scheme try to exchange email.  Hint - my system didn't recognize your
> C/R format, and concluded it was an e-mail addressed to me.  What happens next?)

Most of this type of software is specifically designed to catch loops, 
and as thus will stop them.  When companies send me an email from an 
address that has an autoresponder behind it, I usually only get one or 
two emails before the software stops it.

> This is NANOG. If you wish to hijack the semantics of my REPLY button,
> feel free to actually include a Reply-To: field that expresses the semantics
> that you desire.  

Why should I do such a thing when it is only common (uncommon?) sense to 
actually do such a thing?  How highly that people must think of 
themselves to send the same email to people multiple times.

And I only put that disclaimer in there so people don't whine about the 
autoresponder.  Considering the group here, I'm sure that many of them 
actually have their mail reader set to ignore the reply-to field.  These 
are the same that will whine about the autoresponder if I didn't let 
them know ahead of time.

  -Sean
(Please respond only to the list.)

Actually it looks like we're being directed to stop, so no response 
needed, unless you want to take it off line.

• Previous message (by thread): Misguided SPAM Filtering techniques
• Next message (by thread): Misguided SPAM Filtering techniques
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]