[clue-talk] Linked In CLUE Group?

Nate Duehr nate at natetech.com
Fri Nov 28 15:30:01 MST 2008 

Jed S. Baer wrote:

> What? They're all using unsolicted commerical e-mail to make money. 

The difference between LinkedIn and real UCE is that they're using 
personal references from friends of yours, or at least people who have 
you in their address book.  (And if you're a public figure in lots of 
people's address books, you probably should have a public and a private 
e-mail address in today's world.)

Want your friends to stop giving your e-mail address to people like 
LinkedIn?  Tell them to knock it off.  (Or get better friends?  Heh.) 
Threaten them with painful deaths if they give out your priavte e-mail 
address to anyone.  Works pretty well with real friends, I hear.  (Well, 
they know you're kidding about the death part, they laugh, and they 
respect your wishes.)

If e-mail were a properly identified and authenticated system by now, 
(which is technically possible, and not done for whatever stupid 
reasons), it'd be easy to ignore spammers or anyone else you want to 
send to the bit-bucket.   More time is wasted on backward-compatibility 
and "scanning" for naughty words and phrases in modern "spam fighting" 
than in just changing the system to be spam unfriendly.

For those REALLY lost souls, who are hoping the Net will someday go back 
to being like it was before it was commercialized... yeah, well, um... 
good luck with that.  Ten years or more water, long under the bridge.

E-mail is used wrong by both the good and the bad guys, mostly because 
e-mail systems refuse to evolve.

In today's Net environment, all mail servers should be exchanging real 
credentials (TLS/SSL certificates are fine for this) between each other 
before any mail is allowed to pass, and the source of any message should 
be traceable back to a real live body with a personal PKI key.

That hasn't happened for some reason, and everyone bitches about spam. 
That's just dumb, isn't it?  Do what you always did, get what you always 
got, right?

My mail server allows TLS connections and there's a whopping three 
people I communicate with that I can GUARANTEE the message came from 
them, all the way through the logs, because of it.  Would love to get 
more aggressive about only accepting TLS connections, but we're not 
there yet.  Thus, the mail server's still using a self-signed cert.

Would also upgrade if there were any sign of a real movement toward 
authenticated and encrypted mail delivery at the MTA level.  But with 
99.9%+ of my mail still arriving without TLS -- it doesn't look like 
I'll be doing that any time soon.

Nate WY0X

More information about the clue-talk mailing list