Text 2063, 240 rader
Skriven 2005-01-18 17:44:48 av Rich (1:379/45)
Kommentar till text 2056 av Geo (1:379/45)
Ärende: Re: Do we protect users from their own stupidity?
=========================================================
From: "Rich" <@>
This is a multi-part message in MIME format.
------=_NextPart_000_0010_01C4FD85.67F873B0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Knowing the IP address doesn't tell you whether the email is valid or =
not without more effort. This is the whole premise behind Sender ID and = SPF.
This level of thumbs up or down I do think is useful. Exposing = all the
garbage is not just useless but undesirable to most users who = have neither
the skill nor the interest.
You may like complaining about spam. I know folks that do, all =
technical. No one non-technical I know ever thinks of reporting spam. = They
just wish it would go away and delete it.
Do you really think that even a tiny fraction of people have interest =
in let alone understanding of arin registration? You are living on some =
other planet.
Rich
"Geo" <georger@nls.net> wrote in message news:41eda4e1$1@w3.nls.net...
Please notice I said nothing about WHO an email came from (I'm in =
favor of anonymous email) but instead I said verifying WHERE an email = came
from. WHERE is useful because if you get an email from your bank = then being
able to verify that it came from your bank's email server is = a way to know if
it's been faked. You may not know anyone at the bank so = knowing WHO isn't
important.
Likewise if you receive a spam, knowing where it came from allows you =
to complain to the ISP who has the compromised host on their network.
I'm not suggesting giving the user just the source IP, I'm suggesting =
much more than that. Give them arin registration and the abuse or = contact
address, maybe even show a map like neotrace shows. But don't go = too far,
don't have the email program automatically create a complaint = email like the
aol file as spam button did. Make it slightly more = difficult than that to
file complaints so that you don't have stupid = users hitting "file as spam"
instead of delete for an email they got = from aunt martha. They should have to
type in the contact/abuse address = to send a complaint email, that way you
don't go and overwhelm the = abuse/contact addresses like aol did.
I think it would be very useful and at the same time not raise much of =
the privacy issues that tagging each email with your personal = fingerprints
would raise, especially since all this information is = already there in the
headers or available online. It's nothing new, it's = just a way to make the
computer do the work for the user. I have = customers ask me where an email
came from quite often, it's not an = unusual request.
All I'm saying to do is answer that question, where did this email =
come from. Nothing more, not a validation process, not a secure email =
feature, just a simple answer to a simple question that users ask about = an
email. It won't solve any problems, it *will* please users.
Geo.
"Rich" <@> wrote in message news:41ec6862$1@w3.nls.net...
The headers are garbage to most and not intended to be anything =
but. They are details of the delivery infrastructure. If you want a =
mechanism that authenticates the identity of the sender you should = encourage
the use of a mechanism that provides for this like S/MIME.
Postal mail is not different. The return address is what the =
person sending the mail choose to use not who he really is. The = postmark
usually isn't useful because it only tells you one place the = mail may have
been not where it came from or who sent it.
I don't believe people would use a "where did this come from" =
button both because they don't care and because what you tell them is = usually
meaningless. What do you think most users would do with the IP = address of
and maybe one name for the machine that communicated with = their ISPs SMTP
server? I can see value in the results of a validation = like that provided by
Sender ID, SPF, or similar which gives you = something along the lines of
thumbs up or thumbs down.
Rich
------=_NextPart_000_0010_01C4FD85.67F873B0
Content-Type: text/html;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=3DContent-Type content=3D"text/html; =
charset=3Diso-8859-1">
<META content=3D"MSHTML 6.00.3790.1289" name=3DGENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=3D#ffffff>
<DIV><FONT face=3DArial size=3D2> Knowing the IP address =
doesn't tell=20
you whether the email is valid or not without more effort. This is =
the=20
whole premise behind Sender ID and SPF. This level of thumbs up or = down
I=20
do think is useful. Exposing all the garbage is not just useless = but=20
undesirable to most users who have neither the skill nor the=20
interest.</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT> </DIV>
<DIV><FONT face=3DArial size=3D2> You may like complaining =
about=20
spam. I know folks that do, all technical. No one = non-technical
I=20
know ever thinks of reporting spam. They just wish it would go = away
and=20
delete it.</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT> </DIV>
<DIV><FONT face=3DArial size=3D2> Do you really think that =
even a tiny=20
fraction of people have interest in let alone understanding of arin=20
registration? You are living on some other planet.</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT> </DIV>
<DIV><FONT face=3DArial size=3D2>Rich</FONT></DIV>
<DIV> </DIV>
<BLOCKQUOTE dir=3Dltr=20
style=3D"PADDING-RIGHT: 0px; PADDING-LEFT: 5px; MARGIN-LEFT: 5px; =
BORDER-LEFT: #000000 2px solid; MARGIN-RIGHT: 0px">
<DIV>"Geo" <<A =
href=3D"mailto:georger@nls.net">georger@nls.net</A>> wrote=20
in message <A=20
=
href=3D"news:41eda4e1$1@w3.nls.net">news:41eda4e1$1@w3.nls.net</A>...</DI=
V>
<DIV><FONT face=3DArial size=3D2>Please notice I said nothing about =
WHO an email=20
came from (I'm in favor of anonymous email) but instead I said =
verifying WHERE=20
an email came from. WHERE is useful because if you get an email from =
your bank=20
then being able to verify that it came from your bank's email server =
is a way=20
to know if it's been faked. You may not know anyone at the bank so =
knowing WHO=20
isn't important.</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT> </DIV>
<DIV><FONT face=3DArial size=3D2>Likewise if you receive a spam, =
knowing where it=20
came from allows you to complain to the ISP who has the compromised =
host on=20
their network.</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT> </DIV>
<DIV><FONT face=3DArial size=3D2>I'm not suggesting giving the user =
just the=20
source IP, I'm suggesting much more than that. Give them arin =
registration and=20
the abuse or contact address, maybe even show a map like neotrace =
shows. But=20
don't go too far, don't have the email program automatically create a=20
complaint email like the aol file as spam button did. Make it slightly =
more=20
difficult than that to file complaints so that you don't have stupid =
users=20
hitting "file as spam" instead of delete for an email they got from =
aunt=20
martha. They should have to type in the contact/abuse address to send =
a=20
complaint email, that way you don't go and overwhelm the abuse/contact =
addresses like aol did.</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT> </DIV>
<DIV><FONT face=3DArial size=3D2>I think it would be very useful and =
at the same=20
time not raise much of the privacy issues that tagging each email with =
your=20
personal fingerprints would raise, especially since all this =
information is=20
already there in the headers or available online. It's nothing new, =
it's just=20
a way to make the computer do the work for the user. I have customers =
ask me=20
where an email came from quite often, it's not an unusual=20
request.</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT> </DIV>
<DIV><FONT face=3DArial size=3D2>All I'm saying to do is answer that =
question,=20
where did this email come from. Nothing more, not a validation =
process, not a=20
secure email feature, just a simple answer to a simple question that =
users ask=20
about an email. It won't solve any problems, it *will* please=20
users.</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT> </DIV>
<DIV><FONT face=3DArial size=3D2>Geo.</FONT></DIV>
<BLOCKQUOTE dir=3Dltr=20
style=3D"PADDING-RIGHT: 0px; PADDING-LEFT: 5px; MARGIN-LEFT: 5px; =
BORDER-LEFT: #000000 2px solid; MARGIN-RIGHT: 0px">
<DIV>"Rich" <@> wrote in message <A=20
=
href=3D"news:41ec6862$1@w3.nls.net">news:41ec6862$1@w3.nls.net</A>...</DI=
V>
<DIV><FONT face=3DArial size=3D2> The headers are =
garbage to most=20
and not intended to be anything but. They are details of the =
delivery=20
infrastructure. If you want a mechanism that authenticates the =
identity of the sender you should encourage the use of a mechanism =
that=20
provides for this like S/MIME.</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT> </DIV>
<DIV><FONT face=3DArial size=3D2> Postal mail is not=20
different. The return address is what the person sending the =
mail=20
choose to use not who he really is. The postmark usually isn't =
useful=20
because it only tells you one place the mail may have been not where =
it came=20
from or who sent it.</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT> </DIV>
<DIV><FONT face=3DArial size=3D2> I don't believe people =
would use a=20
"where did this come from" button both because they don't care and =
because=20
what you tell them is usually meaningless. What do you think =
most=20
users would do with the IP address of and maybe one =
name for the=20
machine that communicated with their ISPs SMTP server? I can =
see value=20
in the results of a validation like that provided by Sender ID, SPF, =
or=20
similar which gives you something along the lines of thumbs up or =
thumbs=20
down.</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT> </DIV>
<DIV><FONT face=3DArial size=3D2>Rich</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT><FONT face=3DArial=20
size=3D2></FONT> </DIV>
<DIV><FONT face=3DArial size=3D2></FONT><FONT face=3DArial=20
size=3D2></FONT> </DIV></BLOCKQUOTE></BLOCKQUOTE></BODY></HTML>
------=_NextPart_000_0010_01C4FD85.67F873B0--
--- BBBS/NT v4.01 Flag-5
* Origin: Barktopia BBS Site http://HarborWebs.com:8081 (1:379/45)
|