[Asrg] FeedBack loops

Ian Eiloart iane at sussex.ac.uk
Fri Nov 14 04:28:12 PST 2008 


--On 13 November 2008 18:42:03 -0800 Steve Atkins <steve at blighty.com> wrote:

>
> On Nov 13, 2008, at 6:31 PM, Barry Shein wrote:
>
>>> But second, and this is the much larger problem: widespread
>>> adoption of
>>> this will almost instantly lead to its mass exploitation by spammers.
>>
>> How? Maybe I lack imagination, but why is this any more of a problem
>> than spammers just sending unsub etc requests now?
>>
>> One would hope the path between a customer clicking a spam complaint
>> button and the service provider is reasonably reliable. And the unsub
>> could be verified by the same sort of means it might be verified
>> today.  For example I might only execute an unsub from AOL if it came
>> either from a customer who was actually sub'd to the list or from
>> AOL's feedback loop MTA. I suppose an FBL could also set up some sort
>> of asymmetric key pair method at setup.
>>
>> But maybe I'm missing something entirely.
>
> I think so, yes.
>
> The suggestion is that the sender of the email can suppress sending
> a report via feedback loop by including an unsubscription link in the
> headers of the mail.

Huh? How is that a problem. If the email is from a feedback loop provider, 
then it doesn't matter whether the "report" is a feedback loop report, or 
through use of the unsubscription link. Spammers will ignore either, but 
genuine list owners will - presumably - find it easier to process requests 
using the link that they've provided.

> One flaw with that is that this allows spammers to suppress feedback loop
> reports. Consider the (usual) case where the recipient of the feedback
> loop is not the author of the original email, rather they're a service
> provider to the original author.

Then the feedback loop provider needs to use both mechanisms, and perhaps 
be able to indicate whether the unsubscribe mechanism was attempted.

> Cheers,
>    Steve
>
> _______________________________________________
> Asrg mailing list
> Asrg at irtf.org
> https://www.irtf.org/mailman/listinfo/asrg



-- 
Ian Eiloart
IT Services, University of Sussex
x3148

More information about the Asrg mailing list