Loading ...
Sorry, an error occurred while loading the content.

mailsword - possible problems

Expand Messages
  • Mary Arthur
    This comes from another mailing list I read and I have copied it as it raises some interesting questions: I surfed around Mailblocks s
    Message 1 of 1 , Aug 19, 2003
    • 0 Attachment
      This comes from another mailing list I read and I have copied it as it
      raises some interesting questions:

      I surfed around Mailblocks's http://www.mailblocks.com site, and didn't
      see any explanation of two concerns I have about challenge-response
      "prove-you-love-me" (PYLM) systems:

      (1) What if Adam uses a PYLM system and Betty uses a competing
      system. Adam sends Betty an email, but isn't a trusted sender.
      Betty's PYLM sends a confirmation request to Adam, but her PYLM isn't
      a trusted sender. Adam's PYLM then sends a confirmation request to
      Betty (or her PYLM). At worst, a mail loop ensues. At best, Adam's
      mail never reaches Betty. I can see a number of ways to partially
      address this problem, but every one of these workarounds (and it
      appears that a successful system would have to use several) would
      open potential exploits to spammers.

      (2) Adolf is a spammer. He discovers that every time he sends an
      email to Betty, her PYLM sends a confirmation request to the apparent
      sender of the email. Cool! Adolf crafts a spam-spewing machine that
      spits out thousands of emails addressed to Betty with forged headers
      that make it appear that the mail comes from his handy "16.4 million
      v-e-r-i-f-i-e-d email addresses" CD. Betty's PYLM dutifully delivers
      the payload to *our* inboxes. Again, there are workarounds but,
      again, every one of them has side effects.

      PYLM strikes me as one of those solutions that is simple in concept
      but difficult or impossible to implement in the real world. The devil
      is, indeed, in the details.


      http://www.afhs.ab.ca
    Your message has been successfully submitted and would be delivered to recipients shortly.