North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Misguided SPAM Filtering techniques

  • From: Valdis . Kletnieks
  • Date: Mon Oct 22 20:48:19 2007

On Mon, 22 Oct 2007 16:13:52 MDT, Sean Figgins said:

> And, is it really a burden if you SEND me an email to validate yourself?  If it 
> IS such a burden, then I invite you not to send email to start with, especially 
> not to me.

That would be all fine and good - if I was being asked to validate mail that
I actually sent to you.  I've seen very few true positives for this, compared
to two *large* classes of false positives:

1) I'm being asked to verify my address because some malware found my address
on a hard drive and stuck it in the From: field.  I'm sorry, but if you're
asking me to verify that, it *is* a burden - you are admittedly *starting off*
assuming that it's bad and *needs* some sort of verification.  So by definition,
you're imposing on people to validate that they're real.

2) The rest of the time, I'm being asked to verify myself because I posted
to a mailing list, and some idiot failed to whitelist the list address.

Homework question:  Does this method scale?  What would happen to your inbox
if *everybody* on this list did this sort of thing?

(Bonus points for figuring out what happens when two people who *both* use
this scheme try to exchange email.  Hint - my system didn't recognize your
C/R format, and concluded it was an e-mail addressed to me.  What happens next?)

> (Please respond only through the list)

This is NANOG. If you wish to hijack the semantics of my REPLY button,
feel free to actually include a Reply-To: field that expresses the semantics
that you desire.  

Attachment: pgp00031.pgp
Description: PGP signature