Re: [Asrg] request for review for a non FUSSP proposal

Claudio Telmon <> Mon, 22 June 2009 21:44 UTC

Paul Russell wrote:
> On 6/22/2009 17:12, Claudio Telmon wrote:
>> Well, this stream doubling is something many already do, keeping one
>> address for close friends and business partners, not disclosing it in
>> order to avoid spam and other messages. But again you're right, the
>> framework would need to reach a critical mass in some time, or it would be
>> abandoned even by early adopters.
> Back in the day when most spammers obtained addresses by harvesting them from
> web pages, you could, for the most part, keep a mailbox spam-free by disclosing
> your email address only to those from whom you wanted to receive email.  The sun
> set on that scene long ago.  Spammers generate potential recipient addresses
> based on common names and naming schemes, or harvest them from address books and
> private mail archives on compromised systems.  Security by obscurity seldom
> works for very long.

In this respect, the framework should be effective, since spammers would
also need to generate the consent token, which they can't. When
harvesting email addresses (and tokens) from compromised systems, the
framework provides a way to detect who was compromised and to invalidate
the token.


Claudio Telmon
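
The detect-and-invalidate behaviour described in the reply above, as an added example that is not part of the original message or of the proposal's own specification. It assumes one unguessable token is issued per correspondent and that the sender identity passed to `check` has already been authenticated; the class name, method names and addresses are hypothetical.

```python
import secrets

class ConsentRegistry:
    """Recipient-side store of consent tokens, one per correspondent (assumed design)."""

    def __init__(self):
        self._owner = {}        # token -> correspondent the token was issued to
        self._revoked = set()   # tokens that no longer grant consent

    def issue(self, correspondent):
        # 128 random bits: guessing an address does not yield a valid token.
        token = secrets.token_urlsafe(16)
        self._owner[token] = correspondent
        return token

    def check(self, sender, token):
        """Classify an inbound message; `sender` is assumed to be authenticated."""
        owner = self._owner.get(token)
        if owner is None or token in self._revoked:
            return ("reject", None)
        if sender != owner:
            # Valid token presented by someone else: it leaked from `owner`.
            self._revoked.add(token)
            return ("leaked", owner)
        return ("accept", owner)

    def report_abuse(self, token):
        """User flags delivered mail as spam: name the leak source and revoke."""
        owner = self._owner.get(token)
        if owner is not None:
            self._revoked.add(token)
        return owner

def demo():
    # Constructed sample traffic; all addresses are placeholders.
    reg = ConsentRegistry()
    alice = reg.issue("alice@example.org")
    bob = reg.issue("bob@example.org")
    results = [
        reg.check("alice@example.org", alice),           # normal mail
        reg.check("spam@example.net", "guessed-token"),  # generated address, no token
        reg.check("spam@example.net", bob),              # token harvested from bob
        reg.check("bob@example.org", bob),               # bob's old token is now dead
    ]
    fresh = reg.issue("bob@example.org")                 # bob gets a replacement
    results.append(reg.check("bob@example.org", fresh))
    return results
```

Because each token maps to exactly one correspondent, a token that arrives from anyone else both identifies whose system leaked it and can be revoked without affecting other correspondents.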