Interesting topic to me.

I've become fascinated with the notion of rejecting all incoming email 
UNLESS it has
a keyword on the subject line (COTSE.NET can perform that service). But 
that would
eliminate normal business queries.

Eventually the virus and/or spam situation will become so overwhelming 
that some special
method will have to be devised to accomplish this. I guess the idea of 
having a special
email address for EACH life situation solves some problems...

I was appalled in the early days of the www when spammers would harvest 
emails and mine
would be used as a (spoofed) return address, resulting in nasty letters 
to my me and my ISP.
People are aware of spoofing now, but it still bothers me, and it 
happens every day.

It seems to me that email protocol needs to be improved such that email 
would only be accepted
if the message could be VERIFIED from the purported sender- and if NOT 
verified then it
would be destroyed before being read.

In some states in the US here, spoofing someone else's email address is 
a misdemeaner, but
it is impossible to enforce.

--Bob

the madscientist wrote:

>actually, it can be due to server problems.  motorola sent me an email
>once meant for a different customer, not a machine generated email, but
>an answer to a question that was "privileged" (though not enough details
>to have meant much, but it easily could have revealed product plans
>etc.).  i notified them of the problem, with full source of the email
>and they were very grateful, i wound up explaining it to a couple of
>their technical people.  they didn't tell me exactly what happened, but
>they did tell me roughly how it had happened.  
>
>i agree however, electronic signatures don't solve many problems, any
>one who want to fake them deliberately can, unless they employ
>encryption, and few readers check such signatures (and if such signing
>became routine practice, you would soon see viruses imitating it, in
>fact some spam has bogus "pgp" signatures designed to fool spam
>filters).  
>
>  
>
it would be rather foolish for any admin to block the source address of

>a virus as there are several that fake this somewhat convincingly and
>you would obviously be blocking a customer (indeed, even crackers spoof
>ip numbers in real time, still, it's a valuable technique particularly
>if you've managed to corrupt routing tables).  instead, at most they
>should email back that they "may" be infected, or more likely someone
>with them in their address book is infected. 
>
>including a disclaimer/statement of "confidentiality" on email that
>isn't does tend to reduce it's legal weight, and many, many competitors
>would make full use of any such accidental disclosure.( according to the
>"cryptogram" news letter by bruce schneir).  besides, such a statement
>will have little or no deterrent value against the unscrupulous in the
>best of cases.  and, even worse there is now case law that states that
>it's ok to monitor email, any email that runs through your' machine,
>even as a relay, and to make commercial use of that information.  it is
>being appealed.  it stems from the barnes and noble case where they were
>monitoring some email sent to amazon.com users and making them offers
>for the same books apparently.  several of the people involved plead
>guilty under a plea-bargaining arraignment, but one was found not guilty
>as a judge decided that the wire tap laws have no application to email,
>and therefore there was no crime!  the ruling implies that any email you
>send carries with it no legal expectation to privacy what so ever, at
>least in the U.S., or if it simply goes through a relay in the U.S.
>
>further, with some of the bogus "hacking" cases that have been tried
>lately it's debatable whether you should even report it to the sender
>(people have been charged, arrested, and plea-bargained after bringing
>to light security holes which they accidentally discovered, promptly
>reported to the machines administrator/owner, and did not make any use
>of.  in fact in one case they plead guilty to a felony, which has long
>standing consequences for their employability, basically destroying
>their professional life).
>
>once again, we have policy makers and the courts ruling on things they
>don't understand, and making some very alarming decisions.  if it really
>needs to be private, you'd better mail it, that's about all that is well
>protected at all, or use strong encryption.
>
>Nate Duehr wrote:
>------
>  
>
>>The only way I would ever RECEIVE such a message is if:
>>a) You accidentally sent it to me, thus negating the restriction on "who
>>it was intended for".
>>b) Some mail adminstrator so screwed up his mail server that he copied
>>it into my personal Inbox.
>>c) Pursuant to the other discussion about signatures/encryption -- some
>>dude (easily) sniffed your mail traffic and forwarded it to me.  And if
>>    
>>
>-----
>
>  
>


-- 
Note: Attachments must be sent to
 attach@engineer.cotse.net, and 
 MAY delay replies to this message.
        520-219-2363

_______________________________________________
http://www.piclist.com PIC/SX FAQ & list archive
View/change your membership options at
http://mailman.mit.edu/mailman/listinfo/piclist