[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <200406240715.i5O7F235025003@turing-police.cc.vt.edu>
Date: Thu, 24 Jun 2004 03:15:02 -0400
From: Valdis.Kletnieks@...edu
To: Martin Mačok <martin.macok@...erground.cz>
Cc: bugtraq@...urityfocus.com
Subject: Re: Is predictable spam filtering a vulnerability? (silently dropping messages)
On Tue, 22 Jun 2004 16:20:02 +0200, Martin =?iso-8859-2?Q?Ma=E8ok?= <martin.macok@...erground.cz> said:
> IHMO 1: If your filter decides the message is not worth a delivery
> it's not worth a bounce too.
Not true, because...
> IMHO 3: If user Joe gets 10 delivery failures of messages that he has
> not sent and one delivery failure of message that he has
> actually sent, it is worse than if he gets nothing.
It's not worse. That bounce message for the mail you actually sent may be very
critical.... Consider the following scenarios:
1) You've been working on fixing a problem for 16 hours, and decide to call it
quits and get some sleep, so you mail your boss and co-workers with a status
update.
2) You make some trivial error (perhaps you type "steve. bill" rather than
"steve, bill".
3) The mail of course has issues.
With a bounce:
4) You get the bounce, say "D'Oh!", fix the problem, resend, and go home and
get some sleep. Steve and Bill know the status, and finish fixing it and
everything is fine.
Without a bounce:
4) You go home, and the next morning the boss rips into you for not keeping
everybody posted. Steve and Bill didn't see your note, and they've tried to
clean up after you, and only making things worse because they didn't know about
the stuff you told them in the note that bounced....
Content of type "application/pgp-signature" skipped
Powered by blists - more mailing lists