Re: [Asrg] whitelisting links (was Re: misconception in SPF)

Michael Thomas <mike@mtcc.com> Mon, 10 December 2012 18:50 UTC

Return-Path: <mike@mtcc.com>
X-Original-To: asrg@ietfa.amsl.com
Delivered-To: asrg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 70F5F21F855D for <asrg@ietfa.amsl.com>; Mon, 10 Dec 2012 10:50:38 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id B02GvJDwxL8u for <asrg@ietfa.amsl.com>; Mon, 10 Dec 2012 10:50:37 -0800 (PST)
Received: from mtcc.com (mtcc.com [IPv6:2001:5a8:4:9fe0:224:8cff:feaa:6d9b]) by ietfa.amsl.com (Postfix) with ESMTP id C6E1021F862E for <asrg@irtf.org>; Mon, 10 Dec 2012 10:50:30 -0800 (PST)
Received: from piolinux.mtcc.com (63-171-70-53.dsl.volcano.net [63.171.70.53] (may be forged)) (authenticated bits=0) by mtcc.com (8.14.3/8.14.3) with ESMTP id qBAIoKwq016282 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Mon, 10 Dec 2012 10:50:21 -0800
Message-ID: <50C62EE8.7010908@mtcc.com>
Date: Mon, 10 Dec 2012 10:50:16 -0800
From: Michael Thomas <mike@mtcc.com>
User-Agent: Thunderbird 2.0.0.14 (X11/20080501)
MIME-Version: 1.0
To: Anti-Spam Research Group - IRTF <asrg@irtf.org>
References: <20121206212116.10328.qmail@joyce.lan> <50C1A95A.5000001@pscs.co.uk> <50C4A7F8.3010201@dcrocker.net> <CAFdugamTbTirVV2zXKOmc9oTaCS+QiTemhT=jvYJnHYscHQK7g@mail.gmail.com> <0D79787962F6AE4B84B2CC41FC957D0B20ACE6D0@ABN-EXCH1A.green.sophos> <20121209213307.D90C12429B@panix5.panix.com> <CAFduganBR_E-ui-3Xbic6F7qSmg1-Q+ideXLvb+1isLz8OF0Nw@mail.gmail.com> <0D79787962F6AE4B84B2CC41FC957D0B20ACFFE1@ABN-EXCH1A.green.sophos> <50C5A9A0.105@pscs.co.uk> <0D79787962F6AE4B84B2CC41FC957D0B20AD01B2@ABN-EXCH1A.green.sophos> <20121210145627.GA21217@gsp.org> <50C6121D.9040607@dcrocker.net> <50C617A2.8090602@pscs.co.uk> <50C62451.30608@bbiw.net>
In-Reply-To: <50C62451.30608@bbiw.net>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; l=729; t=1355165422; x=1356029422; c=relaxed/simple; s=thundersaddle.kirkwood; h=Content-Type:From:Subject:Content-Transfer-Encoding:MIME-Version; d=mtcc.com; i=mike@mtcc.com; z=From:=20Michael=20Thomas=20<mike@mtcc.com> |Subject:=20Re=3A=20[Asrg]=20whitelisting=20links=20(was=20 Re=3A=20=20misconception=20in=20SPF) |Sender:=20 |To:=20Anti-Spam=20Research=20Group=20-=20IRTF=20<asrg@irtf .org> |Content-Type:=20text/plain=3B=20charset=3DISO-8859-1=3B=20 format=3Dflowed |Content-Transfer-Encoding:=207bit |MIME-Version:=201.0; bh=yYbmM/xd9TI4w6NRW0NfmoUF7Hr5TOtctGAULncoxNM=; b=tB4+f5gSClGwCfOmJDlHYE/aUGq30nQDZn+YHTxFb5WumoACrdjEprnQGJ 3rrrmNEGBv4JejXMAT/YQcYN9o45EaU+ORS+DSrBkdWfZJVJVnGZnp374Tp+ hz2fwnKOxM1xrjWhqABbYbr8Lgmihv8yetQ6lXCP5XMfe+BbXg5T0=;
Authentication-Results: mtcc.com; v=0.1; dkim=pass header.i=mike@mtcc.com ( sig from mtcc.com/thundersaddle.kirkwood verified; ); dkim-asp=pass header.From=mike@mtcc.com
Cc: Dave Crocker <dhc@dcrocker.net>
Subject: Re: [Asrg] whitelisting links (was Re: misconception in SPF)
X-BeenThere: asrg@irtf.org
X-Mailman-Version: 2.1.12
Precedence: list
Reply-To: Anti-Spam Research Group - IRTF <asrg@irtf.org>
List-Id: Anti-Spam Research Group - IRTF <asrg.irtf.org>
List-Unsubscribe: <http://www.irtf.org/mailman/options/asrg>, <mailto:asrg-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/asrg>
List-Post: <mailto:asrg@irtf.org>
List-Help: <mailto:asrg-request@irtf.org?subject=help>
List-Subscribe: <http://www.irtf.org/mailman/listinfo/asrg>, <mailto:asrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Mon, 10 Dec 2012 18:50:38 -0000

Dave Crocker wrote:
> 
> 
> On 12/10/2012 9:10 AM, Paul Smith wrote:
>> Surely this would be a browser feature (or 'Internet Security Software'
>> feature) rather than an email client feature.
>>
>> The email client will not necessarily have any access to web browser
>> history.
> 
> Sorry. I was too cryptic.  My suggestion was a whitelist that is shared 
> with the browser and the MUA, vetted by the user.  It's not about one 

We thought of this 5-6 years ago and even filed ipr on it as I recall. But
that was in a time when people mostly had one desktop/laptop. I would think
that the advent of phones, tablets, etc would significantly increase the complexity
and most likely false-positive rate.

Mike