[Asrg] Dictionary Attacks

[der Mouse]

>>> 4) there _could_ be value in an automated way to tell Earthlink
>>> about abuse;
>>> 5) any use of <abuse at earthlink.com> cannot serve that purpose;
>> Why not?  I can't think why an "automated way" such as (4) mentions
>> couldn't be carried on top of email to abuse at earthlink.com.

> 1) <abuse at anywhere> is spammed too heavily

> 2) <abuse at earthlink> necessarily has earthlink-specific processing

Neither is relevant, I believe.

(1) is irrelevant because random spam will not fit the format of these
automated reports; if spamming fake reports becomes attractive enough
for it to be a problem, whatever other mechanism carries them will have
exactly the same problem.  (If the reports are crypto-signed to deal
with report forgery, this can be done over email just as much as it can
over some other channel.)

(2) is necessarily true, since any abuse-report-recipient must
necessarily be doing some kind of recipient-specific processing.  But
it's also irrelevant; there's no reason emailed automated reports can't
be shipped off to whatever processing the putative other transport
performs, rather than going into the main abuse@ queue.

> For a reporting procedure to be practical, we need to avoid the
> N * M problem.

I don't see why carrying them over email produces an N*M problem in any
way that any other transport doesn't - that is, I don't think this
(regardless of how true or false it is) has anything to do with using
mail to abuse@ as the transport.

/~\ The ASCII				  Mouse
\ / Ribbon Campaign
 X  Against HTML		mouse at rodents-montreal.org
/ \ Email!	     7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B