[nycphp-talk] "The Web is broken and it's all your fault."

Anirudh Zala arzala at gmail.com
Wed Sep 20 01:38:37 EDT 2006


On Fri, 15 Sep 2006 20:55:34 +0530, Keith Casey  
<mailinglists at caseysoftware.com> wrote:

> On 9/15/06, Anirudh Zala <arzala at gmail.com> wrote:
>> 1) The biggest area of this problem is the browser. Not because it is
>> being exploited in many ways, but why can't the browser itself provide a
>> basic level of validation and input filtering, like validation of name,
>> email address, phone, fax, mobile etc., according to country or region?
>
> With all due respect, this is a terrible idea.
>
> While this validation *might* work for an incredibly small segment of
> information - like address as you rightly note - it pushes a huge
> burden onto the browser and then the webapp still needs to do it
> anyway.  *Nothing* that comes from a user (or anything they have
> access to edit) can be trusted.  Period.  End of story.

This is a good point: "Nothing can be trusted." This is similar to
validating client data using JS. But from the client's point of view, can't
the browser help a bit to filter input directly from there and ask the
client to make the necessary corrections? I am not thinking only in terms
of security. The overall view says that such implementations can benefit
clients as well, and then at the application level we can at least be
relieved about the format of the data (which is the 1st level of security
checks).

Security and spamming are matters of possibility and probability. Whenever
there is a rise in security threats, we have to invent new ways to increase
the level of protection to avoid such threats. There is no 100% solution to
such problems; hence, if there arises a "Probability" of more threats, we
can increase the "Possibility" of being unaffected by them by improving our
current ways or inventing new ways.

>
> In terms of "stopping 70% of the spam", I think your solution - while
> it works for you for now - doesn't address the real problem.  Although
> most of us on this list are likely getting dozens, hundreds or
> potentially thousands of spam today, our filtering (automated or
> mental) brings this down to a manageable level.  We're suffering from
> spam, but not like my grandparents who have had the same AOL address
> for 7+ years.  They don't have the tools, time, patience, or
> creativity to do what you propose.  Now I don't have a solution that'd
> work for them either... so I'm no better off.

I understand what you mean, but if it doesn't address the real problem
then what is the real domain? I think there is no single domain area
for this problem. There are 2 kinds of spammers:

1: Those who collect REAL email addresses from various places like blogs,
company websites, mailing lists etc. and send spam mails, and
2: Those who use a certain kind of algorithm by which they can generate
email addresses automatically (for example, by using letters, one can
easily generate a "foo at bar.com" email address that will surely exist on
most of the popular email services like Yahoo, Hotmail, AOL etc.) and send
spam mails with a probability (which is 90% out of 100%) of such an email
address existing.

We cannot do much to stop spamming arising out of the 2nd problem. But for
the 1st, we can surely try and test various ways which can be beneficial to
everyone. Now it is up to each person whether to use that technique or not
(depending upon the importance of the email address or having time to
invent or apply new or already existing techniques).

But the point is that, by just remaining disappointed and accepting that
"this problem doesn't have any bulletproof solution", we are increasing the
possibility of receiving more spam. Instead, why not invent new ways to
stop it at a certain level (again a matter of possibility and probability)?

Good conversations so far :) Thanks all.

Anirudh Zala

-----------------------------------------------
Anirudh Zala (Project Manager)
ASPL, http://www.aspl.in
arzala@gmail.com
-----------------------------------------------

>
> My 0.02,
>
> kc