Guys, havent we all seen good example of what robots do last
week with
that mailkey bot?
I agree with Vernon - the challenge/response roboots are last
resort and
if you already determined its a spam and just want to make
sure its not
false positive.
I would add one caveat, it should say WHY the email is being
bounced. otherwise it looks like an indiscriminate bounce.
I don't think folk have problems with a response saying
that the message had spamwords in it.
If we do any challege-response system it must be automated in
a way that
humans do not get annoyed and that all systems can recognize
its a bot and
since its automated some kind of authenticaiton would be
necessary to not
let spammers participate in it.
We should not accept second rate authentication over cryptographic
authentication though. The mailing list attack that I described
earlier is real and has occurred on several occasions to me,
the IETF lists appear to be common targets. Challenge/Response
has a well known couterattack, we should not accept it in preference
to digital signatures.
Phill
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg