ietf-asrg

Re: [Asrg] Economic model is borken. (sic.) Let's fix it

2003-03-05 18:30:27
> Now as far as I know, I wrote the first challenge/response spam
> blocker 6 years ago, so I've been running tools like these longer
> than anybody else.

I believe that John Mallery of the MIT AI lab has a prior claim 
there. He wrote a challenge/response authentication callback
loop back in 1992 for the COMLINK mailer that we used to 
publish the Clinton/Gore '92 (and the other candidates who made
it available) campaign literature on the Internet.

Nathaniel Borenstein applied the same technique to filter his mail,
spam was not a severe problem at the time but Borenstein thought
he got rather a lot of mail. He then used the same idea yet again 
as the basis of the First Virtual payment scheme. 


I don't think that the response loop idea is acceptable as a general
solution. In my view it should only be used as a last resort if
a mailer has exhausted every other means of authenticating the
sender. That means SSL, S/MIME and PGP. Nobody should be using 
intrusive means of authentication when there are non-intrusive
options available.

The reason for this should be obvious: response loop messages are
just another form of spam. I use the term spam to mean any 
unnecessary message I don't want.

As readers of the IETF list will be aware, I have recently taken
exception to certain people who send a challenge every time they
get an email, unless they think the sender important enough to
be put in their whitelist.


I think it is acceptable to send a callback loop request if all
other means of authentication have been exhausted first and the
message in question has been identified as having a high 
probability of being spam. Otherwise this type of behaviour is
simply anti-social.

Another problem with some of the challenge response services on
the net is that some of them have a pretty poor understanding of
privacy and confidentiality. One of these services recently spammed
me saying 'we notice that you recently responded to one of our
callback loops'. Sounds to me as if someone needs a session at the
blunt end of a cluebat.


                Phill

Attachment: smime.p7s
Description: S/MIME cryptographic signature