[clue-talk] Linked In CLUE Group?
Nate Duehr
nate at natetech.com
Fri Nov 28 15:30:01 MST 2008
Jed S. Baer wrote:
> What? They're all using unsolicted commerical e-mail to make money.
The difference between LinkedIn and real UCE is that they're using
personal references from friends of yours, or at least people who have
you in their address book. (And if you're a public figure in lots of
people's address books, you probably should have a public and a private
e-mail address in today's world.)
Want your friends to stop giving your e-mail address to people like
LinkedIn? Tell them to knock it off. (Or get better friends? Heh.)
Threaten them with painful deaths if they give out your priavte e-mail
address to anyone. Works pretty well with real friends, I hear. (Well,
they know you're kidding about the death part, they laugh, and they
respect your wishes.)
If e-mail were a properly identified and authenticated system by now,
(which is technically possible, and not done for whatever stupid
reasons), it'd be easy to ignore spammers or anyone else you want to
send to the bit-bucket. More time is wasted on backward-compatibility
and "scanning" for naughty words and phrases in modern "spam fighting"
than in just changing the system to be spam unfriendly.
For those REALLY lost souls, who are hoping the Net will someday go back
to being like it was before it was commercialized... yeah, well, um...
good luck with that. Ten years or more water, long under the bridge.
E-mail is used wrong by both the good and the bad guys, mostly because
e-mail systems refuse to evolve.
In today's Net environment, all mail servers should be exchanging real
credentials (TLS/SSL certificates are fine for this) between each other
before any mail is allowed to pass, and the source of any message should
be traceable back to a real live body with a personal PKI key.
That hasn't happened for some reason, and everyone bitches about spam.
That's just dumb, isn't it? Do what you always did, get what you always
got, right?
My mail server allows TLS connections and there's a whopping three
people I communicate with that I can GUARANTEE the message came from
them, all the way through the logs, because of it. Would love to get
more aggressive about only accepting TLS connections, but we're not
there yet. Thus, the mail server's still using a self-signed cert.
Would also upgrade if there were any sign of a real movement toward
authenticated and encrypted mail delivery at the MTA level. But with
99.9%+ of my mail still arriving without TLS -- it doesn't look like
I'll be doing that any time soon.
Nate WY0X
More information about the clue-talk
mailing list