it's also a possibility that the Turing Test will eventually fail due
to technological advances, so in the long term i don't think it's a
practical solution to anything. actually it's already been proven to
be of limited use and by no means invincible.
At 3:49 PM -0700 4/2/03, Art Pollard wrote:
Why not allow the e-mail client to pose a Turing test to anybody
that is not in its whitelist?
This has all been discussed before.
1. People will do it. People *are* doing it. Some are doing it
right. Some are doing it extremely wrong. (Anyone who posted any
message to this list last week has first hand experience with that.)
2. You need to deal with people who are blind. (Not an issue, but
some tests don't.)
3. You need to deal with senders who aren't people (e.g. your bank,
Amazon, eBay...). That means that to be handled correctly you need
to know who to whitelist before they send you email. That turns out
to not be quite as easy as you might think. I've proposed that
someone come up with a standard for whitelisting URLs, but nobody
has picked up on it.
maybe that's because a simple url forgery would make such a feature
inconsequential. without a reliable way to authenticate addresses
whitelists will be useless.
4. You need to deal with people who don't have web access but do
have email access. This includes large numbers of people at big
companies. Outbound web access at some companies is considered a
restricted privilege for security and other reasons.
5. You need to accept that you are going to annoy the hell out of a
lot of people, some of whom (including potential customers, bug
reporters, people doing you a favor...) won't bother to respond.
Challenge response implicitly says that your time is more important
than that of the sender. That's not polite, and very often it's not
true. Most of the non-spam messages I receive from strangers are
ones I care more about getting than they care about giving. Bug
reports. Potential clients. The people I least want to annoy.
6. You need to deal with vacation messages and other types of
auto-responders (I've heard of at least one challenge/response
system that blacklisted anyone who responded incorrectly--that's a
bummer if the response was a vacation program).
If you have a solution for #3, and you don't care about #4 and #5,
then go ahead. But personally the only time I think
challenge/response is at all acceptable is as a way of dealing with
messages you already think are spam. In other words--only use it as
a mechanism for detecting false positives.
--
Kee Hinckley
http://www.messagefire.com/ Junk-Free Email Filtering
http://commons.somewhere.com/buzz/ Writings on Technology and Society
I'm not sure which upsets me more: that people are so unwilling to accept
responsibility for their own actions, or that they are so eager to regulate
everyone else's.
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg