In message <6585e535.11582.3a72...@postmaster.inter-corporate.com>, Randolf Richardson, Postmaster via mailop <mailop@mailop.org> writes
>> The most commonly seen method of tracking is probably inclusion of >> specifically crafted links in the message, that refer to a tracking server >> run by the sender, so the sender knows if the recipient clicked on a link in >> the message. > > You're entirely correct -- thanks for adding this as I wasn't even >thinking of it. ask most any ESP .. this works poorly these days, robots click on the links to make sure they are safe and mailbox provides pre-fetch images for reasons of performance, safety and (tada !) to make tracking harder >> > Some of our clients are investigators, lawyers, etc., who >> > occasionally need high quality (read "reliable") evidence for the >> > cases they're working on. DKIM, when available, makes it easier to >> > authenticate eMail evidence in a way that can satisfy these needs. people who speculate about lawyers need are generally not lawyers. I've been an expert witness on email related cases often enough to know that they are often perfectly satisfied to have a description of a well- formed set of Received header fields... ... usual quote : if you think cryptography solves your problem then you don't understand cryptography and you don't understand your problem Investigators are even less interested in proof, they're reading all the headers, checking DNS records and jumping to (usually plausible) conclusions ! > Some of the investigators I've dealt with neededd to deal with this >specific scnario where someone denied sending an eMail. Although >DKIM can help, if the server logs haven't cycled out yet then an >affirmed affidavit that the mail server log entries are authentic has >almost always been sufficient for motivating the denying party to >suddenly remember that they did send the message. exactly ... (remember civil cases work on the balance of probabilities).. and also remember that there is account takeover, people in your household who know your passwords better than you do and that's before you get into all the BGP, NTP etc exotica (if that interests you then I once wrote a PhD thesis on all the assumptions we make about "traceability" and the circumstances in which they go wrong) -- richard Richard Clayton Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety. Benjamin Franklin 11 Nov 1755
signature.asc
Description: PGP signature
_______________________________________________ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop