Text 2072, 290 rader
Skriven 2005-01-19 06:31:12 av Geo (1:379/45)
Kommentar till text 2063 av Rich (1:379/45)
Ärende: Re: Do we protect users from their own stupidity?
=========================================================
From: "Geo" <georger@nls.net>
This is a multi-part message in MIME format.
------=_NextPart_000_0082_01C4FDF0.781F6BC0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
I didn't say know if it's real, I said know if it's faked (as in if it = claims
to be from my bank but comes from a road runner dsl line with no = reverse dns
then obviously this isn't my bank.)
Again, I'm not trying to verify email, I'm simply trying to describe a =
feature that uses existing information in every email and puts that =
information in a form that is useful to most users.
Arin registration doesn't require any understanding, if you hit "where = did
this come from" and the answer comes back as having originated at an = IP
address in Russia and passed thru a machine called mail.ksu.edu = located at
kent state university in burton oh then you have more = information about the
email than you did before and without having to = learn to read headers.
Geo.
"Rich" <@> wrote in message news:41edbb74@w3.nls.net...
Knowing the IP address doesn't tell you whether the email is valid =
or not without more effort. This is the whole premise behind Sender ID = and
SPF. This level of thumbs up or down I do think is useful. = Exposing all the
garbage is not just useless but undesirable to most = users who have neither
the skill nor the interest.
You may like complaining about spam. I know folks that do, all =
technical. No one non-technical I know ever thinks of reporting spam. = They
just wish it would go away and delete it.
Do you really think that even a tiny fraction of people have =
interest in let alone understanding of arin registration? You are = living on
some other planet.
Rich
"Geo" <georger@nls.net> wrote in message =
news:41eda4e1$1@w3.nls.net...
Please notice I said nothing about WHO an email came from (I'm in =
favor of anonymous email) but instead I said verifying WHERE an email = came
from. WHERE is useful because if you get an email from your bank = then being
able to verify that it came from your bank's email server is = a way to know if
it's been faked. You may not know anyone at the bank so = knowing WHO isn't
important.
Likewise if you receive a spam, knowing where it came from allows =
you to complain to the ISP who has the compromised host on their = network.
I'm not suggesting giving the user just the source IP, I'm =
suggesting much more than that. Give them arin registration and the = abuse or
contact address, maybe even show a map like neotrace shows. But = don't go too
far, don't have the email program automatically create a = complaint email like
the aol file as spam button did. Make it slightly = more difficult than that to
file complaints so that you don't have = stupid users hitting "file as spam"
instead of delete for an email they = got from aunt martha. They should have to
type in the contact/abuse = address to send a complaint email, that way you
don't go and overwhelm = the abuse/contact addresses like aol did.
I think it would be very useful and at the same time not raise much =
of the privacy issues that tagging each email with your personal = fingerprints
would raise, especially since all this information is = already there in the
headers or available online. It's nothing new, it's = just a way to make the
computer do the work for the user. I have = customers ask me where an email
came from quite often, it's not an = unusual request.
All I'm saying to do is answer that question, where did this email =
come from. Nothing more, not a validation process, not a secure email =
feature, just a simple answer to a simple question that users ask about = an
email. It won't solve any problems, it *will* please users.
Geo.
"Rich" <@> wrote in message news:41ec6862$1@w3.nls.net...
The headers are garbage to most and not intended to be anything =
but. They are details of the delivery infrastructure. If you want a =
mechanism that authenticates the identity of the sender you should = encourage
the use of a mechanism that provides for this like S/MIME.
Postal mail is not different. The return address is what the =
person sending the mail choose to use not who he really is. The = postmark
usually isn't useful because it only tells you one place the = mail may have
been not where it came from or who sent it.
I don't believe people would use a "where did this come from" =
button both because they don't care and because what you tell them is = usually
meaningless. What do you think most users would do with the IP = address of
and maybe one name for the machine that communicated with = their ISPs SMTP
server? I can see value in the results of a validation = like that provided by
Sender ID, SPF, or similar which gives you = something along the lines of
thumbs up or thumbs down.
Rich
------=_NextPart_000_0082_01C4FDF0.781F6BC0
Content-Type: text/html;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=3DContent-Type content=3D"text/html; =
charset=3Diso-8859-1">
<META content=3D"MSHTML 6.00.2800.1479" name=3DGENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=3D#ffffff>
<DIV><FONT face=3DArial size=3D2>I didn't say know if it's real, I said =
know if it's=20
faked (as in if it claims to be from my bank but comes from a road = runner
dsl=20
line with no reverse dns then obviously this isn't my = bank.)</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT> </DIV>
<DIV><FONT face=3DArial size=3D2>Again, I'm not trying to verify email, =
I'm simply=20
trying to describe a feature that uses existing information in every = email
and=20
puts that information in a form that is useful to most = users.</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT> </DIV>
<DIV><FONT face=3DArial size=3D2>Arin registration doesn't require any=20
understanding, if you hit "where did this come from" and the answer = comes
back=20
as having originated at an IP address in Russia and passed thru a =
machine=20
called mail.ksu.edu located at kent state university in burton oh then = you
have=20
more information about the email than you did before and without having = to
learn=20
to read headers.</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT> </DIV>
<DIV><FONT face=3DArial size=3D2>Geo.</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT> </DIV>
<DIV>"Rich" <@> wrote in message <A=20
href=3D"news:41edbb74@w3.nls.net">news:41edbb74@w3.nls.net</A>...</DIV>
<BLOCKQUOTE dir=3Dltr=20
style=3D"PADDING-RIGHT: 0px; PADDING-LEFT: 5px; MARGIN-LEFT: 5px; =
BORDER-LEFT: #000000 2px solid; MARGIN-RIGHT: 0px">
<DIV><FONT face=3DArial size=3D2> Knowing the IP address =
doesn't tell=20
you whether the email is valid or not without more effort. This =
is the=20
whole premise behind Sender ID and SPF. This level of thumbs up =
or down=20
I do think is useful. Exposing all the garbage is not just =
useless but=20
undesirable to most users who have neither the skill nor the=20
interest.</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT> </DIV>
<DIV><FONT face=3DArial size=3D2> You may like complaining =
about=20
spam. I know folks that do, all technical. No one =
non-technical I=20
know ever thinks of reporting spam. They just wish it would go =
away and=20
delete it.</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT> </DIV>
<DIV><FONT face=3DArial size=3D2> Do you really think that =
even a tiny=20
fraction of people have interest in let alone understanding of arin=20
registration? You are living on some other planet.</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT> </DIV>
<DIV><FONT face=3DArial size=3D2>Rich</FONT></DIV>
<DIV> </DIV>
<BLOCKQUOTE dir=3Dltr=20
style=3D"PADDING-RIGHT: 0px; PADDING-LEFT: 5px; MARGIN-LEFT: 5px; =
BORDER-LEFT: #000000 2px solid; MARGIN-RIGHT: 0px">
<DIV>"Geo" <<A =
href=3D"mailto:georger@nls.net">georger@nls.net</A>>=20
wrote in message <A=20
=
href=3D"news:41eda4e1$1@w3.nls.net">news:41eda4e1$1@w3.nls.net</A>...</DI=
V>
<DIV><FONT face=3DArial size=3D2>Please notice I said nothing about =
WHO an email=20
came from (I'm in favor of anonymous email) but instead I said =
verifying=20
WHERE an email came from. WHERE is useful because if you get an =
email from=20
your bank then being able to verify that it came from your bank's =
email=20
server is a way to know if it's been faked. You may not know anyone =
at the=20
bank so knowing WHO isn't important.</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT> </DIV>
<DIV><FONT face=3DArial size=3D2>Likewise if you receive a spam, =
knowing where=20
it came from allows you to complain to the ISP who has the =
compromised host=20
on their network.</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT> </DIV>
<DIV><FONT face=3DArial size=3D2>I'm not suggesting giving the user =
just the=20
source IP, I'm suggesting much more than that. Give them arin =
registration=20
and the abuse or contact address, maybe even show a map like =
neotrace shows.=20
But don't go too far, don't have the email program automatically =
create a=20
complaint email like the aol file as spam button did. Make it =
slightly more=20
difficult than that to file complaints so that you don't have stupid =
users=20
hitting "file as spam" instead of delete for an email they got from =
aunt=20
martha. They should have to type in the contact/abuse address to =
send a=20
complaint email, that way you don't go and overwhelm the =
abuse/contact=20
addresses like aol did.</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT> </DIV>
<DIV><FONT face=3DArial size=3D2>I think it would be very useful and =
at the same=20
time not raise much of the privacy issues that tagging each email =
with your=20
personal fingerprints would raise, especially since all this =
information is=20
already there in the headers or available online. It's nothing new, =
it's=20
just a way to make the computer do the work for the user. I have =
customers=20
ask me where an email came from quite often, it's not an unusual=20
request.</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT> </DIV>
<DIV><FONT face=3DArial size=3D2>All I'm saying to do is answer that =
question,=20
where did this email come from. Nothing more, not a validation =
process, not=20
a secure email feature, just a simple answer to a simple question =
that users=20
ask about an email. It won't solve any problems, it *will* please=20
users.</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT> </DIV>
<DIV><FONT face=3DArial size=3D2>Geo.</FONT></DIV>
<BLOCKQUOTE dir=3Dltr=20
style=3D"PADDING-RIGHT: 0px; PADDING-LEFT: 5px; MARGIN-LEFT: 5px; =
BORDER-LEFT: #000000 2px solid; MARGIN-RIGHT: 0px">
<DIV>"Rich" <@> wrote in message <A=20
=
href=3D"news:41ec6862$1@w3.nls.net">news:41ec6862$1@w3.nls.net</A>...</DI=
V>
<DIV><FONT face=3DArial size=3D2> The headers are =
garbage to most=20
and not intended to be anything but. They are details of the =
delivery infrastructure. If you want a mechanism that =
authenticates=20
the identity of the sender you should encourage the use of a =
mechanism=20
that provides for this like S/MIME.</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT> </DIV>
<DIV><FONT face=3DArial size=3D2> Postal mail is not=20
different. The return address is what the person sending the =
mail=20
choose to use not who he really is. The postmark usually =
isn't=20
useful because it only tells you one place the mail may have been =
not=20
where it came from or who sent it.</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT> </DIV>
<DIV><FONT face=3DArial size=3D2> I don't believe =
people would use=20
a "where did this come from" button both because they don't care =
and=20
because what you tell them is usually meaningless. What do =
you think=20
most users would do with the IP address of and maybe one=20
name for the machine that communicated with their ISPs SMTP=20
server? I can see value in the results of a validation like =
that=20
provided by Sender ID, SPF, or similar which gives you something =
along the=20
lines of thumbs up or thumbs down.</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT> </DIV>
<DIV><FONT face=3DArial size=3D2>Rich</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT><FONT face=3DArial=20
size=3D2></FONT> </DIV>
<DIV><FONT face=3DArial size=3D2></FONT><FONT face=3DArial=20
=
size=3D2></FONT> </DIV></BLOCKQUOTE></BLOCKQUOTE></BLOCKQUOTE></BODY=
></HTML>
------=_NextPart_000_0082_01C4FDF0.781F6BC0--
--- BBBS/NT v4.01 Flag-5
* Origin: Barktopia BBS Site http://HarborWebs.com:8081 (1:379/45)
|