On Wed, Apr 09, 2003 at 08:45:32PM -0700, J C Lawrence wrote:
On Wed, 9 Apr 2003 16:19:47 -0700
1) Are we sufficiently agreed that challenge/response will be a part
of the solution that we can move ahead on its design?
People are free to run C/R systems. A system designed for widescale use
should indeed follow a set of principles:
a) Properly handle mailing list mail
b) Never challenge a reply to an E-mail you sent, even if you sent
it from elsewhere and a different account which aliases over to
the real mailbox.
c) Include protections against loops, obviously, and against challenging
other challenges, autoresponses, etc.
d) Provide a means to allow the user to review all their blocked mail
(sorted by spam score) to catch the people who did not respond
to the challenge. Yes, these happen regularly even with simple
challenges, and not because the other person is lazy.
e) If you don't do (d), provide some other means for anonymous mail,
and yes, mail from people with broken mailers, to make it to you.
2) Do we need to define a taxonomy of the rights and forms of consent
being acquired, or are we content with a simple, "I can send you
mail?"
Simpler is better.
3) Is there more needed within the challenge/response system for spam
prevention other than/outside of the simple challenge response (eg
some sort of testimonial or contract on the basis of the responder)?
Nope.
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
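
Principles (a) to (c) from the message above, sketched as a pre-challenge gate; this is an added example and not code from the original thread. The `X-CR-Challenge` marker header, the function name and the sample messages are hypothetical or constructed, and reading "properly handle mailing list mail" as "never challenge it" is this example's assumption.

```python
from email import message_from_string

# Hypothetical header this example's own outgoing challenges would carry.
CHALLENGE_MARKER = "X-CR-Challenge"

def should_challenge(raw, sent_ids, envelope_from):
    """Return (challenge?, reason) for one inbound message.

    sent_ids: Message-IDs of everything the user sent, from ANY account
              or alias that feeds this mailbox (principle b).
    envelope_from: SMTP MAIL FROM; "" or "<>" marks a bounce.
    """
    msg = message_from_string(raw)
    # (c) Loop protection: never answer bounces, autoresponders,
    # or a message that is itself a challenge.
    if envelope_from.strip() in ("", "<>"):
        return False, "null-sender"
    if msg.get("Auto-Submitted", "no").strip().lower() != "no":
        return False, "auto-submitted"
    if msg.get(CHALLENGE_MARKER) is not None:
        return False, "is-a-challenge"
    # (a) Mailing list traffic: a challenge would land on the list
    # or on an unrelated poster, so hand it to normal filtering.
    if any(h in msg for h in ("List-Id", "List-Post", "List-Unsubscribe")):
        return False, "mailing-list"
    if msg.get("Precedence", "").strip().lower() in ("list", "bulk", "junk"):
        return False, "precedence"
    # (b) Replies to mail we sent: match threading headers against the
    # shared store of sent Message-IDs (folded headers split cleanly).
    refs = (msg.get("In-Reply-To", "") + " " + msg.get("References", "")).split()
    if any(r in sent_ids for r in refs):
        return False, "reply-to-sent-mail"
    return True, "unknown-sender"

# Constructed sample data, not taken from any real mailbox.
SENT_IDS = {"<20030409.1@home.example>"}
LIST_MAIL = "From: a@example.org\nList-Id: <asrg.example.org>\n\nbody\n"
REPLY = ("From: b@example.net\nReferences: <x@example.net>\n"
         " <20030409.1@home.example>\nSubject: Re: hi\n\nbody\n")
VACATION = "From: c@example.com\nAuto-Submitted: auto-replied\n\nbody\n"
STRANGER = "From: d@example.com\nSubject: hello\n\nbody\n"

if __name__ == "__main__":
    for name, raw in [("list", LIST_MAIL), ("reply", REPLY),
                      ("vacation", VACATION), ("stranger", STRANGER)]:
        print(name, should_challenge(raw, SENT_IDS, "sender@example.com"))
```

Mail that is challenged and never answered still needs the review queue from (d) or the alternative path from (e); this gate only decides whether a challenge is sent.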