North American Network Operators Group


Re: Misguided SPAM Filtering techniques

  • From: Sean Figgins
  • Date: Mon Oct 22 21:44:11 2007


[email protected] wrote:
1) I'm being asked to verify my address because some malware found my address
on a hard drive and stuck it in the From: field.  I'm sorry, but if you're
asking me to verify that, it *is* a burden - you are admittedly *starting off*
assuming that it's bad and *needs* some sort of verification.  So by definition,
you're imposing on people to validate that they're real.

Why would you care to validate your email address then? If you didn't send the email, and were not expecting an email from me, then why would you even bother to read, let alone validate?


2) The rest of the time, I'm being asked to verify myself because I posted
to a mailing list, and some idiot failed to whitelist the list address.

Yes, except for two things: First, YOU should not get a challenge to an email that was sent by you through the list. If you are, then this is just inexcusable on the part of the software developer or admin. Second, you should only get a challenge if you "reply to all" and send a copy of the same email to someone directly.


Homework question:  Does this method scale?  What would happen to your inbox
if *everybody* on this list did this sort of thing?

Absolutely nothing, assuming that the list members have a clue on how the software works and should be configured. If they don't white list the mailing list, then they are idiots that have no excuse, and quite frankly will be unsubscribed from the list due to excessive bounces. And if people followed good protocol and trimmed their headers, then there really is no good reason why anyone would get a challenge to an email that they sent to the list.


And as it is, if everyone had a c/r system, I imagine that everyone would get either white listed or validated here pretty quickly.

(Bonus points for figuring out what happens when two people who *both* use
this scheme try to exchange email.  Hint - my system didn't recognize your
C/R format, and concluded it was an e-mail addressed to me.  What happens next?)

Most of this type of software is specifically designed to catch loops, and thus will stop them. When companies send me an email from an address that has an autoresponder behind it, I usually only get one or two emails before the software stops it.


This is NANOG. If you wish to hijack the semantics of my REPLY button,
feel free to actually include a Reply-To: field that expresses the semantics
that you desire.

Why should I do such a thing when it is only common (uncommon?) sense to actually do such a thing? How highly people must think of themselves to send the same email to people multiple times.


And I only put that disclaimer in there so people don't whine about the autoresponder. Considering the group here, I'm sure that many of them actually have their mail reader set to ignore the reply-to field. These are the same that will whine about the autoresponder if I didn't let them know ahead of time.

 -Sean
(Please respond only to the list.)

Actually it looks like we're being directed to stop, so no response needed, unless you want to take it off line.