ietf-asrg
[Top] [All Lists]

Re: [Asrg] New take on emerging idea. (yet another C-R system?)

2003-04-09 22:42:57
On Wed, Apr 09, 2003 at 08:45:32PM -0700, J C Lawrence wrote:
On Wed, 9 Apr 2003 16:19:47 -0700 
  1) Are we sufficiently agreed that challenge/response will be a part
  of the solution that we can move ahead on its design?

People are free to run C/R systems.  A system designed for widescale use
should indeed follow a set of principles:

    a) Properly handle mailing list mail
    b) Never challenge a reply to an E-mail you sent, even if you sent
       it from elsewhere and a different account which aliases over to
       the real mailbox.
    c) Include protections against loops, obviously and challenging other
       challenges, autoresponses etc.

    d) Provide a means to allow the user to review all their blocked mail
       (sorted by spam score) to catch the people who did not respond
       to the challenge.  Yes, these happen regularly even with simple
       challenges, and not because the other person is lazy.

    e) If you don't do (d), provide some other means for anonymous mail
       and yes, mail from people with broken mailers, to make it to you.

  2) Do we need to define a taxonomy of the rights and forms of consent
  being acquired, or are we content with a simple, "I can send you
  mail?"

    Simpler is better

  3) Is there more needed within the challenge/response system for spam
  prevention other than/outside of the simple challenge response (eg
  some sort of testimonial or contract on the basis of the responder)?

Nope.
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg



<Prev in Thread] Current Thread [Next in Thread>