> In message <6585e535.11582.3a72...@postmaster.inter-corporate.com>,
> Randolf Richardson, Postmaster via mailop <mailop@mailop.org> writes
>
> >> The most commonly seen method of tracking is probably inclusion of
> >> specifically crafted links in the message, that refer to a tracking server
> >> run by the sender, so the sender knows if the recipient clicked on a link
> >> in
> >> the message.
> >
> > You're entirely correct -- thanks for adding this as I wasn't even
> >thinking of it.
>
> ask most any ESP .. this works poorly these days, robots click on the
> links to make sure they are safe and mailbox provides pre-fetch images
> for reasons of performance, safety and (tada !) to make tracking harder
We are an ESP, and this is something we're considering in the
future, along with a variety of other techniques. We haven't spoken
with other ESPs about this sort of thing.
> >> > Some of our clients are investigators, lawyers, etc., who
> >> > occasionally need high quality (read "reliable") evidence for the
> >> > cases they're working on. DKIM, when available, makes it easier to
> >> > authenticate eMail evidence in a way that can satisfy these needs.
>
> people who speculate about lawyers need are generally not lawyers. I've
The movie-making industry is probably the worst offender of getting
factual things like this wrong. :D
> been an expert witness on email related cases often enough to know that
> they are often perfectly satisfied to have a description of a well-
> formed set of Received header fields...
I agree as I've done this too. In my experience, most of requests
were early enough that the evidence was helpful in changing the case
direction toward a settlement rather than taking the matter to court.
> ... usual quote : if you think cryptography solves your problem then you
> don't understand cryptography and you don't understand your problem
Right.
> Investigators are even less interested in proof, they're reading all the
> headers, checking DNS records and jumping to (usually plausible)
> conclusions !
It depends on the investigators/lawyers. Many do want the quick and
easy approach, but I have encountered some who do want more detail to
make a better case.
> > Some of the investigators I've dealt with neededd to deal with this
> >specific scnario where someone denied sending an eMail. Although
> >DKIM can help, if the server logs haven't cycled out yet then an
> >affirmed affidavit that the mail server log entries are authentic has
> >almost always been sufficient for motivating the denying party to
> >suddenly remember that they did send the message.
>
> exactly ... (remember civil cases work on the balance of
> probabilities).. and also remember that there is account takeover,
> people in your household who know your passwords better than you do and
> that's before you get into all the BGP, NTP etc exotica (if that
> interests you then I once wrote a PhD thesis on all the assumptions we
> make about "traceability" and the circumstances in which they go wrong)
As I recall, those were probably all civil cases/investigations.
Would you mind sending me a linjk to your thesis? That's an
interesting topic, and based on what you've written I get the
impression that you have a lot more experience than I do.
> --
> richard Richard Clayton
>
> Those who would give up essential Liberty, to purchase a little temporary
> Safety, deserve neither Liberty nor Safety. Benjamin Franklin 11 Nov 1755
--
Postmaster - postmas...@inter-corporate.com
Randolf Richardson - rand...@inter-corporate.com
Inter-Corporate Computer & Network Services, Inc.
Vancouver, British Columbia, Canada
https://www.inter-corporate.com/
_______________________________________________
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
