Politech mailing list archives
FC: MailFrontier.net, poor anti-spamware, and future of mailing lists
From: Declan McCullagh <declan () well com>
Date: Sun, 11 May 2003 12:53:16 -0400
When you request to subscribe to Politech (http://www.politechbot.com/info/subscribe.html), you get a message back from my server's majordomo application saying "please respond to verify that you really do want to join the list."
A few moments ago, a poor implementation of a challenge-response (C-R) system -- in this case, the one sold by MailFrontier.net -- requested that majordomo-owner click on a link in that reply email. MailFrontier.net's email to majordomo-owner should *never* have been generated because the new Politech subscriber (I know this for a fact) requested to be added to the mailing list by contacting majordomo in the first place.
It is true that verifying one user manually is not a problem. I did it. But Politech receives hundreds of new signups per month, and if dumb C-R systems become widely adopted, verifying hundreds of users per month will present a significant burden. It removes the benefits of having automated authentication via majordomo -- I might as well go back to the way I did it circa 1995, which was editing a text file by hand!
Actually, it's even worse than that. The initial confirmation messages come from my server's majordomo address, which I'll need to manually verify when interacting with flawed C-R system. But most messages to Politech come from declan () well com, which I may need to manually verify as well, doubling the amount of work required. And if I ever send mail to Politech from another email address, as I have as recently as the last few weeks, that means another round of confirmations. (FYI you should whitelist by Sender: owner-politech)
My reluctant conclusion is that C-R systems with flawed implementations have the potential to end legitimate mailing lists as we know them today.
For a C-R system to work properly, it will need to be tightly integrated with the mail client (so it knows who you contacted) and probably understand a little about popular mailing list software like majordomo, mailman, and Listserv. It's easier for C-R companies providing web-based email. For everyone else using software like Eudora and Outlook, that probably means plugins, an email proxy service, or a new email standard that Microsoft, Qualcomm, and others, like the folks maintaining mutt and pine, would have to embrace.
I don't see that happening anytime soon. -Declan PS: Dave Farber, who runs the IP list, sent out this warning a few days ago:
If I start getting a flood of challenges from earthlink ipers that require my response I will most likely declare them SPAM and you will stop receiving IP mail. I fully expect this to be the case for almost all the legitimate mailing lists you are on and count on. See if their system allows you to pre-approve lists you are on else ....
--- From: [deleted to protect the guilty].net Subject: Re: Confirmation for subscribe politech To: Majordomo-Owner [at] politechbot.com Date: Sun, 11 May 2003 10:16:39 -0400 (EDT) [-- Attachment #1 --] [-- Type: multipart/alternative, Encoding: 7bit, Size: 4.0K --]Thank you for sending me your email with the subject "Confirmation for subscribe
+politech". I really want to receive your email. In an effort to eliminate junk email, I am using MailFrontier Matador. Matador has placed your message on hold. Please click the link below so you will be added to my Allowed people list, I will receive your email, and we will be able to communicate freely going +forward. <http://c.mailfrontier.net/c/7d0b2b90ae/[deleted]> If you can not click on the link above, copy and paste the URL above directly +into your browser. A note from [deleted]: Sorry guys, I had to do this, just TOO much spam. --------------------------------------------------- This mailbox protected from junk email by Matador from MailFrontier, Inc. http://www.mailfrontier.com [-- Attachment #2 --] [-- Type: image/gif, Encoding: base64, Size: 1.4K --] [-- image/gif is unsupported (use 'v' to view this part) --] [-- Attachment #3 --] [-- Type: image/gif, Encoding: base64, Size: 2.8K --] [-- image/gif is unsupported (use 'v' to view this part) --] ------------------------------------------------------------------------- POLITECH -- Declan McCullagh's politics and technology mailing list You may redistribute this message freely if you include this notice. ------------------------------------------------------------------------- To subscribe to Politech: http://www.politechbot.com/info/subscribe.html This message is archived at http://www.politechbot.com/ Declan McCullagh's photographs are at http://www.mccullagh.org/ Like Politech? Make a donation here: http://www.politechbot.com/donate/ -------------------------------------------------------------------------
Current thread:
- FC: MailFrontier.net, poor anti-spamware, and future of mailing lists Declan McCullagh (May 11)