RE: (phishing use case?) eBay Registration Suspension from pau on 2005-01-07 (public-quatro@w3.org from January 2005)

From: pau <pau.wma@comb.es>
Date: Fri, 7 Jan 2005 12:07:42 +0100
To: "'Phil Archer'" <phil.archer@icra.org>, "'Dan Brickley'" <danbri@w3.org>
Cc: <public-quatro@w3.org>, "Angela Leis" <mleis.wma@COMB1.org>
Message-ID: <6F9F08FB9A345048BE8DFB7136B3D3200C6182@UNTDC.COMB1.org>

of
my opinions on it, and will speak face by face on it next week more
confortable.
 
   1) Each one of the countries of the UE Community can have different laws
regarding bulk e-mail. (Spain can put fines on people sending more than "4
messages" sent to different people without direct acceptance of them, I
think it's a very much restricted law...).
   2) You can make a quick-test of the message, to check if it's unsolicited
e-mail (spam), but there are lots of things like anti-spam filters on the
market (Imail, our mail server has one, and we use another for it, kwown as
declude), and there are some others freeware (spamassasin for linux f.e.).
   3) DSig is a new tech stage, users are still testing it. I've got my own
Spanish Government certificate always with me, but I'm pretty sure no more
than 1% of the Spanish people do as me, and a personal assumption of the
home-user deployment could be 15% of population (I think optimist); and
truly believe the main reason for them to use the certificate is the quick
payment of the taxes (made once a year). Most of them will loose their
certificate and will be no able of renovate it due to hardware problems
(remember we're talking here about software cert).
   4) DSig makes no added value to any spam filter of any third party
program. People will trust in a program that makes him out of spam, not a
one that gives him a message about trusting a digital certificate.
   5) Maybe this could be a great deal to develop:
     - Put in contact with any free antispam solution for windows.
     - Add them a plugin to send any spam they receive to the police/law
forces, selecting the country they live in.


   See U next week:

     Pau

-----Mensaje original-----
De: public-quatro-request@w3.org [mailto:public-quatro-request@w3.org] En
nombre de Phil Archer
Enviado el: jueves, 06 de enero de 2005 15:37
Para: Dan Brickley
CC: public-quatro@w3.org
Asunto: Re: (phishing use case?) eBay Registration Suspension


>>
>> The idea of adding a label to "legitimate" bulk e-mail has often been
>> talked about, notably at the Direct Marketing Association. I _believe_
>> they're instinctively against it, however, are seeing it as inevitable.
>
> A label that couldn't be copied by sleazier spammers?

That's where thre DSig/look-up/analysis comes in. A machine can probably 
take a look at the headers and make a pretty good guess as to whether e-mail

is genuine or phishing? And yes, a side panel is well on target - the 
project plan calls it a metadata visualiser but we'll work out a better name

than that. Andrea is in charge of that WP.

Phil.

Received on Friday, 7 January 2005 12:48:27 UTC