![[SpamCop.net - protecting the internet through technology]](http://news.spamcop.net/newlogo.jpg)
[SC-Help] Re: Getting balcklisted
John E. Malmberg
wb8tyw at qsl.network
Wed Jan 12 11:43:57 EST 2005
In article <cs3i7e$nio$1 at news.spamcop.net>,
"Iain" <ipmarketing at spamcop.net> writes:
Please stop top posting and not trimming.
Normal communication mode for newsgroups is to post directly under the
statement you are commenting on, and deleting as much of the previous message
as possible with out losing context. Look at the format of all the replies
that you have received so far.
> Obviously there is no way to not send the first welcome message and this may
> go to the wrong person.
>
> Sending people Email links to log into banking/tax
> services is another concern. So in the same way you say people will never
> click an unsubscribe link (you'd not click an unsubsctibe link going to
> www.irs.gov? - not that this is for the IRS, but you get my point?) then
> people might also not follow-through on an Email link that results in them
> being asked for their login credentials!
If the person's e-mail client has HTML enabled, phishers and spammers can
hide the URLs so that it looks like an unsubscribe link is going to a different
address.
The only people that you can expect to reply or click on a confirmation link
are the people who requested the information.
Until someone replies to the message or clicks on the confirmation link, you
do not have any proof that the e-mail address is good.
For lists that mail less than once a month on average, it is a good idea to
require annual resubscriptions.
HTML formatted mail, or mail with any attachments should not be sent to anyone
that has not expressly stated that they want HTML formatted mailings.
It should not be the default setting. Having HTML in a message increases
the risk that a poorly implemented spam filter will discard the message.
> There are ways to mitigate the phishing risk (which I'll not go into here),
> but my point is, the 'obvious' best practice from an anti-spam point of view
> may not be the 'best practice' from an anti-phishing perspective. So it's
> all a balance...hence the churning of thoughts :-)
A phish e-mail is not expected. Therefore clicking on it or responding
to it is not advised.
A confirmation request for information that was not recently requested is
not expected, therefore clicking on it or responding is not advised.
A confirmation request for information that was recently requested is something
that you can assume safe to respond to.
If someone is still vulunerable to phishing, the only way to protect them is
to keep them away from internet e-mail and allow no unscreened incoming phone
calls.
-John
wb8tyw at qsl.network
Personal Opinion Only
More information about the SpamCop-Help
mailing list