Re: "Zuck" mail?

[Paul Vixie <vixie () vix com>]

rsk () gsp org (Rich Kulawiec) writes:

> <shrug> And I think that a plausible argument can be made that what
> Facebook et.al. are doing is worse -- in the long run, not in the
> obvious/immediate sense.

if you limit it to "in the long run" i'm inclined to agree.  noting that
with half a billion users, facebook doesn't need spam for growth, they
have plenty of word of mouth and household name value going for them.  i
don't know anything about their internal operations but i'm betting that
they spend measurable money trying not to send unwanted bulk e-mail -- so
they stuff they send me is what slips through the cracks and not some
kind of thinly veiled "oops, sorry about that, click here to opt out"
scam.  but as you say, the precedent they're setting will be bad for all
of us and their behaviour WILL be used as an excuse by actual spammers.

noting, i had the opposite and a much more extreme view before i'd
actually met some facebook infosec people, to whom i've apologized.

i don't know how to be in the business facebook is in without an error
rate which when multiplied by their transaction volume and customer base
size does not result in unwanted bulk e-mail.  i'd like to see published
evidence that they're doing the best they can, and i'd like them to take
seriously the infosec community's suggestions on how to improve, but it
would never drop their outbound unwanted to zero and most of those half
billion users are happy with the deal they're getting from facebook.  what
advice -- useful, pertinent, realistic advice -- can we give to facebook?
i'm asking a serious question, because the people i know there would
listen if we weren't equating them reactionarily to childporn spammer filth.
-- 
Paul Vixie
KI6YSY
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.