[Asrg] FeedBack loops

[Barry Shein]

On November 13, 2008 at 20:52 rsk at gsp.org (Rich Kulawiec) wrote:
 > On Fri, Nov 14, 2008 at 10:02:14AM +1200, Franck Martin wrote:
 > > We were talking about: "when the user click spam, the system does not send a spam report but an unsubscribe if the mail contains the right headers and the unsubscribe is successful" 
 > 
 > First, there's no way for the web interface to know if the unsubscription
 > request was successful -- presuming that it's submitted via the address
 > specified in the RFC 2369 headers.

Is that important? Any unsubscription confirmation email should go
back to the subscriber.

 > But second, and this is the much larger problem: widespread adoption of
 > this will almost instantly lead to its mass exploitation by spammers.

How? Maybe I lack imagination, but why is this any more of a problem
than spammers just sending unsub etc requests now?

One would hope the path between a customer clicking a spam complaint
button and the service provider is reasonably reliable. And the unsub
could be verified by the same sort of means it might be verified
today.  For example I might only execute an unsub from AOL if it came
either from a customer who was actually sub'd to the list or from
AOL's feedback loop MTA. I suppose an FBL could also set up some sort
of asymmetric key pair method at setup.

But maybe I'm missing something entirely.

-- 
        -Barry Shein

The World              | bzs at TheWorld.com           | http://www.TheWorld.com
Purveyors to the Trade | Voice: 800-THE-WRLD        | Login: Nationwide
Software Tool & Die    | Public Access Internet     | SINCE 1989     *oo*