Someone mentioned writing some guidelines for responsible Challenge/Response
systems. Any chance we could officially ask Earthlink to hold off deployment
for a month so we can get something together to guide them?
Perhaps even a list of fatal flaws and suggested best practices would help.
These are my suggestions for a beginning list of problems:
1. Avoid infinite loops.
2. Allow all Opt-in mail.
3. Take steps to prevent spammer evolution.
4. Provide proof that the challenge is legitimate.
5. Avoid simple reply style challenges that are easy to autorespond to.
6. Use generous auto whitelisting.
7. Support all types of identity proofs, including new ones.
8. Don't just delete everything that doesn't respond correctly; perhaps
reward correct challenges by placing them at the top of the inbox.
John Fenley
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg