[OpenID] Test 2 of 2 for second round of detecting false positive SPAM on OpenID mailing lists

ericsach1764 at comcast.net ericsach1764 at comcast.net
Wed Oct 5 18:19:37 UTC 2011 




Two weeks ago we ran a test because of complaints that posts to the OpenID mailing lists are ending up in user's SPAM folder. The results unfortunately confirmed this is a significant and growing problem. With the help of the OSU Open Source Lab that hosts these mailing lists, we have made some changes to better handle the growing adoption of SPF/DKIM in email servers. 


We are now repeating the test from two weeks ago to see how much these changes have reduced the problem. We are sending 2 messages to the list. Please DO NOT REPLY to this message because in some cases that will cause mail services to remove the SPAM flag on the initial message. 


If you only receive 1 of the 2 messages, please send a message directly to esachs at google.com. It would help if you could find the other message in your SPAM folder and forward its headers. 


p.s. The content below is being included because the original post of this message is an example of one that was marked as SPAM in many cases. 


---------- Forwarded message ---------- 
From: Eric Sachs < esachs at google.com > 
Date: Mon, Aug 29, 2011 at 10:47 AM 
Subject: Account Chooser working group charter submission 
To: openid-general at lists.openid. net 



At the last few Internet Identity Workshops there have been discussions about building a “cloud based” identity selector. The idea has been to mix the user experience advantages of Information Cards, the popularity of consumer identity providers, and still support large numbers of identity providers as InCommon has done. The end result is a user experience that is being called an “ Account Chooser .” 

A charter for a new account chooser working group was submitted today for review by the specs council. We plan to discuss it in more detail at the upcoming September 12/13 OpenID Summit hosted by Microsoft in Mountain View, CA. 


The end goal of this account chooser technique is to make the sign-in process as simple as a user clicking their picture from a list of accounts they frequently use on a website. 


greenAC.png




For example, Bonnie is on her mobile phone and wants to login to a website. She is shown a list of accounts including her personal account, her work account, and an entry for her husband who sometimes borrows her phone. She simply clicks the account she wants to use. 


If she had a new phone, or computer, she would need to add those accounts to the device, so she would see a screen like the one below where she could click her identity provider if it was listed. If not, she can simply type her email address. If there is a known identity provider for that email address, she will be redirected to it, otherwise she will be asked for her password on this site. 


greenadd.png






In preparation for the upcoming OpenID Summit we have started to build the accountchooser.com website with an overview of this user experience, as well as an initial implementor’s guide. A new mailing list will be created by this working group for further discussion once the spec council gives their approval. 

There are a few websites where you can currently experiment with an account chooser: 

    • Google now provides the option to opt-in to using an account chooser instead of Google’s traditional email/password based login box 
    • There is also a test site which lets you manually reconfigure your account after you login 
    • A sample e-commerce site is also available that uses an account chooser (though it is under construction this week, so it may be unstable) 
There are multiple ways to deploy an account chooser. The quickest option is generally to use a SaaS vendor who provides an account chooser as well as integration with popular identity providers. Current SaaS vendors in this category include the Google Identity Toolkit and Janrain Login Helper . Another option is to use a JavaScript widget that implements an account chooser, but then operate your own server side logic to integrate with identity providers. It is possible to use the Google Identity Toolkit in this mode, and other vendors may provide similar widgets in the future. 

-- 

Eric Sachs | Senior Product Manager | esachs at google.com 




-- 

Eric Sachs | Senior Product Manager | esachs at google.com 





-- 

Eric Sachs | Senior Product Manager | esachs at google.com 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20111005/663e924f/attachment.html>

More information about the general mailing list