Hallam-Baker, Phillip wrote:
Another piece of evidence here:
Date: Fri, 25 Apr 2003 23:35:38 -0500 (CDT)
From: AIOnetwork News6 <News6(_at_)AIOnetwork(_dot_)com>
To: pbaker(_at_)verisign(_dot_)com
Subject: Confirmation Needed - pbaker(_at_)verisign(_dot_)com
-- Attached spam deleted.
The problem with C/R schemes is that there is no way to ensure that
the challenge does not contain spam.
[...]
It matters only if the challenge requires "manual processing", sending
spam to auto responders is "less profitable" :-)
One possible way is to treat C/R as fully automatic two last stages of
"three way handshake" (TCP like) initiaded by sending a "normal" message
[weak sender authentication].
C from auto responder: I have received a message from you (sender,
message-id,date,size ...). Have you sent it ?
R from auto responder: YES/no answer
BTW I am under impression that most people assume that messages is
halted until the challenge is answered. Another possible method is to
"delay" message:
message is delivered even when no response is received if "mass spam
detection" (razor/pyzor/DCC) fails to classify it as spam during
"recheck" after 1-2h
--
Andrzej [pl>en: Andrew] Adam Filip http://www.polbox.com/a/anfi/
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg