[35486] in bugtraq
Re: Is predictable spam filtering a vulnerability? (silently dropping messages)
daemon@ATHENA.MIT.EDU (Valdis.Kletnieks@vt.edu)
Fri Jun 25 00:29:55 2004
Message-Id: <200406240715.i5O7F235025003@turing-police.cc.vt.edu>
To: Martin Mačok <martin.macok@underground.cz>
Cc: bugtraq@securityfocus.com
In-Reply-To: Your message of "Tue, 22 Jun 2004 16:20:02 +0200."
<20040622142002.GB2855@josefina.dcit.cz>
From: Valdis.Kletnieks@vt.edu
Date: Thu, 24 Jun 2004 03:15:02 -0400
On Tue, 22 Jun 2004 16:20:02 +0200, Martin Mačok
<martin.macok@underground.cz> said:
> IMHO 1: If your filter decides the message is not worth a delivery
> it's not worth a bounce too.
Not true, because...
> IMHO 3: If user Joe gets 10 delivery failures of messages that he has
> not sent and one delivery failure of message that he has
> actually sent, it is worse than if he gets nothing.
It's not worse. That bounce message for the mail you actually sent may be
very critical.... Consider the following scenarios:
1) You've been working on fixing a problem for 16 hours, and decide to call
it quits and get some sleep, so you mail your boss and co-workers with a
status update.
2) You make some trivial error (perhaps you type "steve. bill" rather than
"steve, bill").
3) The mail of course has issues.
With a bounce:
4) You get the bounce, say "D'Oh!", fix the problem, resend, and go home and
get some sleep. Steve and Bill know the status, and finish fixing it and
everything is fine.
Without a bounce:
4) You go home, and the next morning the boss rips into you for not keeping
everybody posted. Steve and Bill didn't see your note, and they've tried to
clean up after you, and only making things worse because they didn't know
about the stuff you told them in the note that bounced....