This is a readily addressable issue. I previously stated that an
email service provider could maintain a list of outgoing emails
sent by each user. Incoming challenges could then be filtered
out if they did not correspond to the outgoing email.
If it was that simple to match up received e-mail to sent e-mail,
everyone would be doing it already as a whitelisting mechanism.
Unfortunately, there are things like mailing lists, aliases, people
who use multiple e-mail service providers, and so on.
mathew
The filter I was describing was not meant to apply to every form of automated
or mass emailing. It specifically applied to challenges sent in response to an
email that had just been sent.
Everyone is not already doing it because these challenges currently only fill a
small niche in the anti-spam fight. Everyone will quickly do it if you employ
a near universally used highly effective anti-spam system that utilizes such
challenges.
Michael
--
_______________________________________________
NEW! Lycos Dating Search. The only place to search multiple dating sites at
once.
http://datingsearch.lycos.com
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg