ietf-asrg
[Top] [All Lists]

[Asrg] Seeking volunteers for C/R documents (was: Washington Pos t: Earthlink to Deploy a Challenge-Response System for )

2003-05-10 11:40:50

Yes, a BCP for designing and deploying C/R systems would be useful.
Additionally, a proposal for a C/R protocol would be useful. This would
permit interaction between different C/R systems and allow integration into
MTAs and MUAs.

Does anyone have a set of thoughts in either of these two directions that
they would like to put together and move forward?


-----Original Message-----
From: John Fenley [mailto:pontifier(_at_)hotmail(_dot_)com] 
Sent: Friday, May 09, 2003 12:16 PM
To: asrg(_at_)ietf(_dot_)org
Subject: Re: [Asrg] Washington Post: Earthlink to Deploy a 
Challenge-Response System for 


Someone mentioned writing some guidelines for responsible 
Challenge/Response 
systems. Any chance we could officially ask Earthlink to hold 
off deployment 
for a month so we can get something together to guide them?

Perhaps even a list of fatal flaws and suggested best 
practices would help.

These are my suggestions for a beginning list of problems:
1. Avoid infinite loops.
2. Allow all Opt-in mail.
3. take steps to prevent spammer evolution.
4. Provide proof that the challenge is legitimate.
5. Avoid simple reply style challenges that are easy to 
autorespond to. 6. Use generous auto whitelisting. 7. support 
all types of  identity proofs including new ones. 8. Don't 
just delete everything that doesn't respond correctly, perhaps 
reward correct challenges by placing them at the top of the inbox.

John Fenley

_________________________________________________________________
Help STOP SPAM with the new MSN 8 and get 2 months FREE*  
http://join.msn.com/?page=features/junkmail

_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg

_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg