Re: (phishing use case?) eBay Registration Suspension

Pau,

I didn't intend to make spam a major focus of the project by any means - and 
labelling an e-mail as being genuine is never going to be the whole answer 
by any means! Simply that as we're building a system that support 
machine-readable statements like "you can trust the medical information in 
this website" or "you can trust this company with your credit card" then 
there may well be scope for application that says "you can trust the medical 
information in this e-mail" or "this is a genuine offer from a company that 
adheres to a published code of practice including providing a functioning 
unsubscribe link."

As for country-specific digital IDs? Yuk! We don't have national ID cards 
here - although the most totalitarian government Britain has suffered in 
peacetime is about to bring them in. I think you see where I'm coming from!

Looking forward to next week's meeting.

Phil.


----- Original Message ----- 
From: "pau" <pau.wma@comb.es>
To: "'Phil Archer'" <phil.archer@icra.org>; "'Dan Brickley'" <danbri@w3.org>
Cc: <public-quatro@w3.org>; "Angela Leis" <mleis.wma@COMB1.org>
Sent: Friday, January 07, 2005 11:07 AM
Subject: RE: (phishing use case?) eBay Registration Suspension



of
my opinions on it, and will speak face by face on it next week more
confortable.

   1) Each one of the countries of the UE Community can have different laws
regarding bulk e-mail. (Spain can put fines on people sending more than "4
messages" sent to different people without direct acceptance of them, I
think it's a very much restricted law...).
   2) You can make a quick-test of the message, to check if it's unsolicited
e-mail (spam), but there are lots of things like anti-spam filters on the
market (Imail, our mail server has one, and we use another for it, kwown as
declude), and there are some others freeware (spamassasin for linux f.e.).
   3) DSig is a new tech stage, users are still testing it. I've got my own
Spanish Government certificate always with me, but I'm pretty sure no more
than 1% of the Spanish people do as me, and a personal assumption of the
home-user deployment could be 15% of population (I think optimist); and
truly believe the main reason for them to use the certificate is the quick
payment of the taxes (made once a year). Most of them will loose their
certificate and will be no able of renovate it due to hardware problems
(remember we're talking here about software cert).
   4) DSig makes no added value to any spam filter of any third party
program. People will trust in a program that makes him out of spam, not a
one that gives him a message about trusting a digital certificate.
   5) Maybe this could be a great deal to develop:
     - Put in contact with any free antispam solution for windows.
     - Add them a plugin to send any spam they receive to the police/law
forces, selecting the country they live in.


   See U next week:

     Pau

-----Mensaje original-----
De: public-quatro-request@w3.org [mailto:public-quatro-request@w3.org] En
nombre de Phil Archer
Enviado el: jueves, 06 de enero de 2005 15:37
Para: Dan Brickley
CC: public-quatro@w3.org
Asunto: Re: (phishing use case?) eBay Registration Suspension


>>
>> The idea of adding a label to "legitimate" bulk e-mail has often been
>> talked about, notably at the Direct Marketing Association. I _believe_
>> they're instinctively against it, however, are seeing it as inevitable.
>
> A label that couldn't be copied by sleazier spammers?

That's where thre DSig/look-up/analysis comes in. A machine can probably
take a look at the headers and make a pretty good guess as to whether e-mail

is genuine or phishing? And yes, a side panel is well on target - the
project plan calls it a metadata visualiser but we'll work out a better name

than that. Andrea is in charge of that WP.

Phil.

Received on Friday, 7 January 2005 13:02:04 UTC