Re: Pasting in From:
On 2 Dec 1997, Charlie Comsec wrote:

> As long as blocking requests are authenticated with some sort of "cookie"
> token scheme, that would be acceptable. That goes for INDIVIDUAL blocking
> requests.

I used to require that people reply to a confirmation message before I
would block them, but it was really too much effort. I check the headers,
and as long as it looks like the request came from them, I block them and
send them a message that they are blocked, so at least if it's a spoofed
request, they will know they have been spoofed.

> Somewhat more discretion ought to be used for requests to block
> an entire domain. That should probably only be done upon request from the
> "postmaster" at that domain, and when an entire domain is blocked,

I do exactly that, or require a request from the internic-listed contact.

> The problem with eliminating any feature that gets abused is that it's an open
> invitation for someone to deliberately abuse it just to get it eliminated.
> Whenever possible, a solution should be sought which eliminates abuse while still
> allowing legitimate use.

Agreed, and I think I've worked out a reasonable compromise, because even
if you do try to forge somebody, it should scream, "Hey, you should be
suspicious about where this really came from."

Andy Dustman / Computational Center for Molecular Structure and Design
For a great anti-spam procmail recipe, send me mail with subject "spam".
Append "+spamsucks" to my username to ensure delivery. KeyID=0xC72F3F1D
Encryption is too important to leave to the government. -- Bruce Schneier
http://www.athens.net/~dustman mailto:[email protected] <}+++<
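
The "cookie" token confirmation discussed in this message, sketched as an added example; it is not part of the original post and not any remailer's actual code. The function names, the demo key and the seven-day lifetime are assumptions made for illustration.

```python
import hashlib
import hmac
import time

SECRET = b"constructed-demo-key"   # assumption: operator-only secret, never mailed out
TTL = 7 * 24 * 3600                # assumption: a cookie is valid for seven days


def _norm(address):
    return address.strip().lower()


def _mac(address, ts):
    msg = f"{_norm(address)}|{ts}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()[:32]


def issue_token(address, now=None):
    """Cookie mailed to the address named in the block request."""
    ts = int(time.time() if now is None else now)
    return f"{ts}-{_mac(address, ts)}"


def verify_token(address, token, now=None):
    """True only if the cookie was issued for this address and has not expired."""
    now = int(time.time() if now is None else now)
    try:
        ts_str, mac = token.split("-", 1)
        ts = int(ts_str)
    except ValueError:
        return False
    if not 0 <= now - ts <= TTL:
        return False
    # Constant-time comparison; the token is bound to the address by the MAC.
    return hmac.compare_digest(mac.encode(), _mac(address, ts).encode())


def handle_block_request(claimed_from, token, blocklist, now=None):
    """First request: mail a cookie. Reply carrying a valid cookie: block."""
    if token is None:
        return ("send_confirmation", issue_token(claimed_from, now))
    if verify_token(claimed_from, token, now):
        blocklist.add(_norm(claimed_from))
        return ("blocked", None)
    return ("rejected", None)
```

Because the cookie is only ever mailed to the address being blocked, a request with a forged From: line cannot complete unless the forger can also read that mailbox.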