whitelisting mailing lists with dccproc

Brian J. Murrell dcc-list@interlinx.bc.ca
Tue Sep 11 17:54:29 UTC 2001

On Tue, Sep 11, 2001 at 08:24:35AM -0600, Vernon Schryver wrote:
> I understood the comment about ignoring dccproc results to concern
> white-listed mail.  The DCC clients do not send the checksums of
> locally white-list mail to the DCC server.

Why not?  What if there is a spammer mailing legitimately opted-in
recipients along with scraped recipients?  Perhaps DCC's motive shoudl
be to determine the "bulkiness" of mail rather than trying to target
specifically spam.

Whether some bulk mail is spam or not should be left up to recipient,

> I think that is a necessary
> privacy feature,

Privacy?  Don't the DCC clients just send checksums?  Could anyone
really determine that a privacy leak?

> since it keeps the checksums of mail that you know
> is otherwise entirely private from getting outside your network.

Sure, if they really are local, don't DCC them, but otherwise...

> That makes sense for mail that has been on the public Internet and
> has come from some other outfit in another privacy or security domain.

Right.  I am certainly not endorsing DCCing mail from your own private
domain (and the ilk).

> Mail that never leaves your network or even your computer is different.


> Not only might you know that it's not spam, but you might not want to
> let bad guys snoop on it.

Snoop in what way?  Am I incorrect that DCC calulates checksums
locally and does NOT send enitre e-mails to DCC servers?

> Imagine asking a DCC server about checksums
> for the From value "bgates@microsoft.com" and then about the Subject
> line "screw netscape".

So DCC does send actual text, not just checksums?

> With the current DCC protocol there is no way
> to ask for the count of reports of messages with both checksums, Even
> so, I think the privacy issues are worth considering.

Well if there really is a leak of real information, then sure, there
are privacy concerns.


Brian J. Murrell

More information about the DCC mailing list

Contact vjs@rhyolite.com by mail or use the form.