|
FastMail Forum All posts relating to FastMail.FM should go here: suggestions, comments, requests for help, complaints, technical issues etc. |
|
Thread Tools |
10 Sep 2010, 08:51 PM | #1 | ||
Cornerstone of the Community
Join Date: Jul 2003
Posts: 692
|
Privacy of new "Report Spam" functionality
Of the new Report Spam functionality that sends reports to the sending ISP, the Fastmail newsletter says
Quote:
Thanks. -------------------------------------------- FTR, full article: Quote:
|
||
22 Sep 2010, 12:54 AM | #2 |
Essential Contributor
Join Date: Oct 2003
Posts: 327
|
If the spammer operates their own email provider, they just got a confirmation that the recipient email is live.
|
22 Sep 2010, 04:09 PM | #3 | |
The "e" in e-mail
Join Date: May 2003
Location: mostly in Thailand
Posts: 3,095
|
Quote:
I get the feeling that you are against any kind of workable feedback system because of fears that it could be exploited by malicious individuals. I am not saying such malicious activities are impossible. Indeed, I think the risk of spammers trying to kill an effective feedback system by flooding the system with false reports is the biggest risk. However, experience with such systems to date has been that they are effective without impacting the innocent. In the real messy world of the Internet, there are no perfect solutions, and best practices can vary over time, but a well constructed feedback system seems a good process to employ at this time. |
|
26 Oct 2010, 01:38 AM | #4 |
Cornerstone of the Community
Join Date: Jul 2003
Posts: 692
|
|
26 Oct 2010, 07:41 AM | #5 |
Intergalactic Postmaster
Join Date: Oct 2001
Location: Melbourne, Australia
Posts: 6,102
Representative of:
Fastmail.FM |
The X-Resolved-to and X-Delivered-to headers are removed.
However that doesn't mean the originating ISP can't determine the original recipients of the message, of course they can, because the email came from their system, so they can add whatever tracking headers they want, or just correlate with the Message-Id header from their logs. If you don't like it, disable the feature on the Options -> Spam/Virus protection screen. Rob |
26 Oct 2010, 11:08 AM | #6 |
Moderator
Join Date: Dec 2002
Location: USA
Posts: 8,687
|
Since I only get FM email from Aliases/SubDomain addresses would those be the only ones the ISP's can see (the address it was delivered to) and not my real address? If that's the case then that wouldn't bother me as long as there is no way to see my "real" address and FM is the only one that can determine that.
Sherry |
27 Oct 2010, 07:53 AM | #7 |
Cornerstone of the Community
Join Date: Jul 2003
Posts: 692
|
Is that a Yes, Confirmed to:
the user of this button is NOT identified to the the ISP receiving the spam report? ? Sure, but the issue is not who it was addressed to but who reported it as spam... and that person might not even be amonsgt those addressees. |
27 Oct 2010, 05:57 PM | #8 | |
The "e" in e-mail
Join Date: May 2003
Location: mostly in Thailand
Posts: 3,095
|
Quote:
My understanding of the privacy protection that Fastmail is attempting is not to obfuscate who is making a complaint, but to avoid revealing extra information over and above the email address originally used. If you use an alias to receive email from sleazymarketing.com, the reporting of spam should not reveal your real account name. I do not think the objective is to help you make malicious claims against goodmarketing.com without fear of retribution. |
|
27 Oct 2010, 06:27 PM | #9 | |
Cornerstone of the Community
Join Date: Jul 2003
Posts: 692
|
Quote:
|
|
29 Oct 2010, 08:53 AM | #10 |
Intergalactic Postmaster
Join Date: Oct 2001
Location: Melbourne, Australia
Posts: 6,102
Representative of:
Fastmail.FM |
The username of the Fastmail user making the report is not explicitly added to the report, only the content of the email + headers is included in the report.
Additionally, we remove the X-Resolved-to and X-Delivered-to headers, which are the most common places this information would implicitly be found in the email itself. However that doesn't mean information in other headers can't be used to identify the original recipient in some cases, we can't possibly know all the information in the headers and what they mean. Rob |
2 Nov 2010, 09:15 PM | #11 | |
Cornerstone of the Community
Join Date: Jul 2003
Posts: 692
|
Quote:
Then FM's is in no postion to make the "no added privacy implications" claim in question. FM could be returning to an originating ISP information that the ISP did not have and which IDs a recipient. That's a breach of privacy. |
|