[arin-ppml] Access to list of Number Resources with no valid POCs

Leif Sawyer lsawyer at gci.com
Wed Aug 20 15:01:20 EDT 2014

Hash: SHA1

John -

   I think that  PGP signing all outgoing email is a great step at providing a level
of authentication and validation for non-secure-channel communications.

Version: GnuPG v1


-----Original Message-----
From: arin-ppml-bounces at arin.net [mailto:arin-ppml-bounces at arin.net] On Behalf Of John Curran
Sent: Wednesday, August 20, 2014 10:09 AM
To: Ted Mittelstaedt
Cc: arin-ppml at arin.net
Subject: Re: [arin-ppml] Access to list of Number Resources with no valid POCs

On Aug 20, 2014, at 12:24 PM, Ted Mittelstaedt <tedm at ipinc.net> wrote:
> Hi John,
>  Embedded URLs are not really the problem - the problem is 
> MIME-encoded email and HTML-encoded email that have the embedded URLs.
>  If you are sending clickable URLs out in pure ASCII (text) emails 
> then there isn't any problem.  The fact is that many email clients 
> when they see URL's in ASCII mail will make them "clickable"  A pure 
> text email cannot hide a different URL behind one URL.
>  In an ideal world the URL would not exist in the email, because including it helps to legitimize the practice.
>  But in practicality the most important thing is getting validation 
> that the email address is being read by a human being, and the 
> embedded URL does accomplish that.  It may also be that the 
> destination email address is something like "hostmaster at example.com" 
> and is being forwarded to a recipient who's knee-jerk Reply would be 
> to send the reply with a different senders address than what you 
> emailed to. (which might complicate parsing the replies)
>  Since your getting significant returns on the clicks then you should 
> continue to use them - but my vote would be to ONLY use them in TEXT 
> emails.
>  I know that sending pure text emails is out of fashion - since that 
> precludes people putting in all kinds of fancy logos and formatting 
> which they believe are necessary to the continuation of the species - 
> but us old timers were formatting ASCII-only email since before most 
> of the young whippersnappers out there were in diapers. ;-)

Ted - 
  Point taken (and I am a huge fan of plain text email :-)...  I will
  look into any downsides to this approach and report back to the list.

  Curious, would it help if ARIN pgp-signs the verification message with
  our hostmaster at arin.net account?  Does this change the requirement for
  plain text email?


John Curran
President and CEO

You are receiving this message because you are subscribed to the ARIN Public Policy Mailing List (ARIN-PPML at arin.net).
Unsubscribe or manage your mailing list subscription at:
Please contact info at arin.net if you experience any issues.

More information about the ARIN-PPML mailing list