[Asrg] FeedBack loops
Steve Atkins
steve at blighty.com
Thu Nov 13 18:42:03 PST 2008
On Nov 13, 2008, at 6:31 PM, Barry Shein wrote:
>> But second, and this is the much larger problem: widespread
>> adoption of
>> this will almost instantly lead to its mass exploitation by spammers.
>
> How? Maybe I lack imagination, but why is this any more of a problem
> than spammers just sending unsub etc requests now?
>
> One would hope the path between a customer clicking a spam complaint
> button and the service provider is reasonably reliable. And the unsub
> could be verified by the same sort of means it might be verified
> today. For example I might only execute an unsub from AOL if it came
> either from a customer who was actually sub'd to the list or from
> AOL's feedback loop MTA. I suppose an FBL could also set up some sort
> of asymmetric key pair method at setup.
>
> But maybe I'm missing something entirely.
I think so, yes.
The suggestion is that the sender of the email can suppress sending
a report via feedback loop by including an unsubscription link in the
headers of the mail.
One flaw with that is that this allows spammers to suppress feedback
loop
reports. Consider the (usual) case where the recipient of the feedback
loop is not the author of the original email, rather they're a service
provider
to the original author.
Cheers,
Steve
More information about the Asrg
mailing list