At 2:29 PM -0800 3/18/03, Lee Murach wrote:
But the spammer, assuming he doesn't already know the codes, will be
obliglied to receive and process replies from each recipient in
order to learn them. This is scarcely practical. Neither is it
Is this implemented in the MTA or the MUA? If the MTA, then what
happens when the spammer sends using a real return address (say a
temporary hotmail account, or that of an innocent bystander)?
Temp account case:
A sends to B with own spam code
B returns to A asking for a resend with the new code
A resends with new code.
Forged account case:
A sends to B with fake spam code
B returns to A asking for a resend with the new code
A gets the message and does one of two things
1. tosses the message because it's a resend request with the wrong
code--unfortunately that would mean that you couldn't change your
code without first making sure that all outstanding email had cleared
2. sends mail to B asking for a resend with the real code - then the
protocol continues until the message gets through.
And of course it really is a change to the protocol at that level,
since it drastically changes the behavior of the MTA.
If it's implemented in the MUA then this essentially becomes a
challenge response system (without the need to prove that the remote
sender is a human being).
In either MUA or MTA case, you clearly can't do the auto-reply until
you see mail with the Spam: header. Anything else won't properly
respond. So you have to let it through without challenging.
Now we apply the patented "where's the incentive" test.
1% Adoption - the spammers clearly don't use the header. None of
your friends use the header. So you still get as much spam as ever.
10% Adoption - the spammers don't use the header. Most other people
don't use the header, so you still have to accept email from
spammers. However you do now have some friends using the header, and
initial conversations with them are slower.
So. Not a huge amount of pain to use. But no apparent benefit until
90% of your correspondents are using the system and you can safely
shut out the rest.
--
Kee Hinckley
http://www.puremessaging.com/ Junk-Free Email Filtering
http://commons.somewhere.com/buzz/ Writings on Technology and Society
I'm not sure which upsets me more: that people are so unwilling to accept
responsibility for their own actions, or that they are so eager to regulate
everyone else's.
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg