On 4/30/10 11:24 AM, John Levine wrote: >> We need to be precise about what we mean by "trustworthy". Even if I >> have "some way to identify trustworthy lists" as you put it above, I >> have to be very clear about what I'm actually trusting that list to do. >> > When I sign up for a list, I trust it to send me mail that I am > willing to receive. Is there any other understanding of mailing > lists that people have? > Perhaps this concern should be viewed in how different email might be perceived. When people are mislead into believing you recommended some clever script, they might be tempted to give it a try. Just following a link could expose recipients to possible zero day exploits. This type of social engineering is ongoing, where theft of financial information has risen dramatically in the last two years.
Exploits are regularly found in browser extensions like Adobe Flash, Acrobat, Java, and Active-X, where many are patched and reported in comparatively long periods after initial discoveries. Malware taking advantage of these exploits often becomes modified in less than six hours. Once a patch is published, it event is often followed by a flood of more malware, since it educates other writers. While you may not be concerned, think of financial institutions seeing people's accounts ransacked. Whether they use their transactional domain, or some lesser known one, the need for security does not really change. -Doug _______________________________________________ NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
