[dispatch] draft-levine-herkula-oneclick, additional security consideration
Roland Turner <roland@rolandturner.com> Thu, 01 December 2016 03:46 UTC
Return-Path: <roland@rolandturner.com>
X-Original-To: dispatch@ietfa.amsl.com
Delivered-To: dispatch@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2159F129441 for <dispatch@ietfa.amsl.com>; Wed, 30 Nov 2016 19:46:19 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.686
X-Spam-Level:
X-Spam-Status: No, score=-4.686 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, HTML_MESSAGE=0.001, RP_MATCHES_RCVD=-2.896, SPF_PASS=-0.001, T_DKIM_INVALID=0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=neutral reason="invalid (public key: not available)" header.d=rolandturner.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id fmHBm3MsCd7X for <dispatch@ietfa.amsl.com>; Wed, 30 Nov 2016 19:46:17 -0800 (PST)
Received: from sg.rolandturner.com (sg.rolandturner.com [175.41.138.242]) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7FC91129428 for <dispatch@ietf.org>; Wed, 30 Nov 2016 19:46:17 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=rolandturner.com; s=0.rolandturner.com; h=Content-Type:MIME-Version:Date:Message-ID:Subject:From:To; bh=wLlRT6/tog9ZwAOspFGXj6DAzMbUNqmjC6w20GQiFPI=; b=B2Jhe6+iAluT+t/ZeX2oRCXaG8NIsK8pfHon+Hrb8mfC0zLA6Q7KWwNX3T5RMr7SLE+JdDIzMwAL67weObrFi9CZ/CqB9tzBAEWDfEKjzNFu/Pf0ADAQQxSQ9yt9HxUJJpFCTLAfIlMF1xoPXxl7BxfFi6fDfRS8quGpKuPhDow=;
Received: from [116.12.149.133] (port=59168 helo=[10.100.1.141]) by sg.rolandturner.com with esmtpsa (TLS1.0:DHE_RSA_AES_128_CBC_SHA1:16) (Exim 4.76) (envelope-from <roland@rolandturner.com>) id 1cCIK7-00083K-Nb for dispatch@ietf.org; Thu, 01 Dec 2016 03:46:15 +0000
To: dispatch@ietf.org
From: Roland Turner <roland@rolandturner.com>
Message-ID: <724a13e5-e422-b55c-2b36-ba3e63620e48@rolandturner.com>
Date: Thu, 01 Dec 2016 11:46:15 +0800
User-Agent: Mozilla/5.0 (X11; Linux i686; rv:45.0) Gecko/20100101 Thunderbird/45.4.0
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="------------A3CDEF25135CFC817E3E6ED0"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dispatch/bNA3KjxhZwJ8KkqDEC4q8bjtw5U>
Subject: [dispatch] draft-levine-herkula-oneclick, additional security consideration
X-BeenThere: dispatch@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: DISPATCH Working Group Mail List <dispatch.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dispatch>, <mailto:dispatch-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dispatch/>
List-Post: <mailto:dispatch@ietf.org>
List-Help: <mailto:dispatch-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dispatch>, <mailto:dispatch-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 01 Dec 2016 03:46:19 -0000
The Security Considerations section mentions potential use of the mechanism to test whether an email address is valid, but does not address the probing of spam filters. This may well be a moot point given the widespread use of seed boxes by both legitimate senders and spammers, however I recall that when Gmail first introduced an unsubscribe button (in the dialogue box that could pop up if the user clicked This is Spam), they established three criteria: * that a List-Unsubscribe: header was present * that the message authenticated, and * that the sender was in good standing in terms of its complaint rate. It may be argued, with some strength, that the third item really makes no difference, but it would appear to be a relevant consideration to address in Security Considerations, and perhaps an option to suggest. - Roland
- [dispatch] draft-levine-herkula-oneclick, additio… Roland Turner
- Re: [dispatch] draft-levine-herkula-oneclick, add… John Levine
- Re: [dispatch] draft-levine-herkula-oneclick, add… Roland Turner
- Re: [dispatch] draft-levine-herkula-oneclick, add… John Levine