Text 2056, 186 rader
Skriven 2005-01-18 19:03:30 av Geo (1:379/45)
Kommentar till text 2028 av Rich (1:379/45)
Ärende: Re: Do we protect users from their own stupidity?
=========================================================
From: "Geo" <georger@nls.net>
This is a multi-part message in MIME format.
------=_NextPart_000_0060_01C4FD90.66AE1860
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Please notice I said nothing about WHO an email came from (I'm in favor = of
anonymous email) but instead I said verifying WHERE an email came = from. WHERE
is useful because if you get an email from your bank then = being able to
verify that it came from your bank's email server is a way = to know if it's
been faked. You may not know anyone at the bank so = knowing WHO isn't
important.
Likewise if you receive a spam, knowing where it came from allows you to =
complain to the ISP who has the compromised host on their network.
I'm not suggesting giving the user just the source IP, I'm suggesting = much
more than that. Give them arin registration and the abuse or = contact address,
maybe even show a map like neotrace shows. But don't go = too far, don't have
the email program automatically create a complaint = email like the aol file as
spam button did. Make it slightly more = difficult than that to file complaints
so that you don't have stupid = users hitting "file as spam" instead of delete
for an email they got = from aunt martha. They should have to type in the
contact/abuse address = to send a complaint email, that way you don't go and
overwhelm the = abuse/contact addresses like aol did.
I think it would be very useful and at the same time not raise much of = the
privacy issues that tagging each email with your personal = fingerprints would
raise, especially since all this information is = already there in the headers
or available online. It's nothing new, it's = just a way to make the computer
do the work for the user. I have = customers ask me where an email came from
quite often, it's not an = unusual request.
All I'm saying to do is answer that question, where did this email come = from.
Nothing more, not a validation process, not a secure email = feature, just a
simple answer to a simple question that users ask about = an email. It won't
solve any problems, it *will* please users.
Geo.
"Rich" <@> wrote in message news:41ec6862$1@w3.nls.net...
The headers are garbage to most and not intended to be anything =
but. They are details of the delivery infrastructure. If you want a =
mechanism that authenticates the identity of the sender you should = encourage
the use of a mechanism that provides for this like S/MIME.
Postal mail is not different. The return address is what the =
person sending the mail choose to use not who he really is. The = postmark
usually isn't useful because it only tells you one place the = mail may have
been not where it came from or who sent it.
I don't believe people would use a "where did this come from" =
button both because they don't care and because what you tell them is = usually
meaningless. What do you think most users would do with the IP = address of
and maybe one name for the machine that communicated with = their ISPs SMTP
server? I can see value in the results of a validation = like that provided by
Sender ID, SPF, or similar which gives you = something along the lines of
thumbs up or thumbs down.
Rich
------=_NextPart_000_0060_01C4FD90.66AE1860
Content-Type: text/html;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=3DContent-Type content=3D"text/html; =
charset=3Diso-8859-1">
<META content=3D"MSHTML 6.00.2800.1479" name=3DGENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=3D#ffffff>
<DIV><FONT face=3DArial size=3D2>Please notice I said nothing about WHO =
an email=20
came from (I'm in favor of anonymous email) but instead I said verifying =
WHERE=20
an email came from. WHERE is useful because if you get an email from = your
bank=20
then being able to verify that it came from your bank's email server is = a way
to=20
know if it's been faked. You may not know anyone at the bank so knowing =
WHO=20
isn't important.</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT> </DIV>
<DIV><FONT face=3DArial size=3D2>Likewise if you receive a spam, knowing =
where it=20
came from allows you to complain to the ISP who has the compromised host =
on=20
their network.</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT> </DIV>
<DIV><FONT face=3DArial size=3D2>I'm not suggesting giving the user just =
the source=20
IP, I'm suggesting much more than that. Give them arin registration and =
the=20
abuse or contact address, maybe even show a map like neotrace shows. But =
don't=20
go too far, don't have the email program automatically create a = complaint
email=20
like the aol file as spam button did. Make it slightly more difficult = than
that=20
to file complaints so that you don't have stupid users hitting "file as =
spam"=20
instead of delete for an email they got from aunt martha. They should = have
to=20
type in the contact/abuse address to send a complaint email, that way = you
don't=20
go and overwhelm the abuse/contact addresses like aol did.</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT> </DIV>
<DIV><FONT face=3DArial size=3D2>I think it would be very useful and at =
the same=20
time not raise much of the privacy issues that tagging each email with =
your=20
personal fingerprints would raise, especially since all this information =
is=20
already there in the headers or available online. It's nothing new, it's = just
a=20
way to make the computer do the work for the user. I have customers ask = me
where=20
an email came from quite often, it's not an unusual = request.</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT> </DIV>
<DIV><FONT face=3DArial size=3D2>All I'm saying to do is answer that =
question, where=20
did this email come from. Nothing more, not a validation process, not a =
secure=20
email feature, just a simple answer to a simple question that users ask = about
an=20
email. It won't solve any problems, it *will* please users.</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT> </DIV>
<DIV><FONT face=3DArial size=3D2>Geo.</FONT></DIV>
<BLOCKQUOTE dir=3Dltr=20
style=3D"PADDING-RIGHT: 0px; PADDING-LEFT: 5px; MARGIN-LEFT: 5px; =
BORDER-LEFT: #000000 2px solid; MARGIN-RIGHT: 0px">
<DIV>"Rich" <@> wrote in message <A=20
=
href=3D"news:41ec6862$1@w3.nls.net">news:41ec6862$1@w3.nls.net</A>...</DI=
V>
<DIV><FONT face=3DArial size=3D2> The headers are garbage =
to most and=20
not intended to be anything but. They are details of the =
delivery=20
infrastructure. If you want a mechanism that authenticates the =
identity=20
of the sender you should encourage the use of a mechanism that =
provides for=20
this like S/MIME.</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT> </DIV>
<DIV><FONT face=3DArial size=3D2> Postal mail is not =
different. =20
The return address is what the person sending the mail choose to use =
not who=20
he really is. The postmark usually isn't useful because it only =
tells=20
you one place the mail may have been not where it came from or who =
sent=20
it.</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT> </DIV>
<DIV><FONT face=3DArial size=3D2> I don't believe people =
would use a=20
"where did this come from" button both because they don't care and =
because=20
what you tell them is usually meaningless. What do you think =
most users=20
would do with the IP address of and maybe one name for the =
machine=20
that communicated with their ISPs SMTP server? I can see value =
in the=20
results of a validation like that provided by Sender ID, SPF, or =
similar which=20
gives you something along the lines of thumbs up or thumbs =
down.</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT> </DIV>
<DIV><FONT face=3DArial size=3D2>Rich</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT><FONT face=3DArial=20
size=3D2></FONT> </DIV>
<DIV><FONT face=3DArial size=3D2></FONT><FONT face=3DArial=20
size=3D2></FONT> </DIV></BLOCKQUOTE></BODY></HTML>
------=_NextPart_000_0060_01C4FD90.66AE1860--
--- BBBS/NT v4.01 Flag-5
* Origin: Barktopia BBS Site http://HarborWebs.com:8081 (1:379/45)
|