Yes, a BCP for designing and deploying C/R systems would be useful.
Additionally, a proposal for a C/R protocol would be useful. This would
permit interaction between different C/R systems and allow integration into
MTAs and MUAs.
Does anyone have a set of thoughts in either of these two directions that
they would like to put together and move forward?
-----Original Message-----
From: John Fenley [mailto:pontifier(_at_)hotmail(_dot_)com]
Sent: Friday, May 09, 2003 12:16 PM
To: asrg(_at_)ietf(_dot_)org
Subject: Re: [Asrg] Washington Post: Earthlink to Deploy a
Challenge-Response System for
Someone mentioned writing some guidelines for responsible Challenge/Response
systems. Any chance we could officially ask Earthlink to hold off deployment
for a month so we can get something together to guide them?
Perhaps even a list of fatal flaws and suggested best practices would help.
These are my suggestions for a beginning list of problems:
1. Avoid infinite loops.
2. Allow all Opt-in mail.
3. Take steps to prevent spammer evolution.
4. Provide proof that the challenge is legitimate.
5. Avoid simple reply style challenges that are easy to autorespond to.
6. Use generous auto whitelisting.
7. Support all types of identity proofs including new ones.
8. Don't just delete everything that doesn't respond correctly, perhaps
reward correct challenges by placing them at the top of the inbox.
John Fenley
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
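
Added example, not part of the original messages or of any Earthlink or ASRG code: a Python sketch of how items 1, 4, 6 and 8 of the list above could fit together in a C/R filter. The `X-CR-Challenge` header (standing in for whatever marker a shared C/R protocol would define), the function names, the secret and the sample messages are all assumptions made for illustration.

```python
import hashlib
import hmac
from email import message_from_string
from email.utils import parseaddr

SECRET = b"constructed-demo-key"  # constructed; use a random per-site secret

def token(sender, msg_id):
    """MAC binding a challenge to one held message, so it can be proven ours (item 4)."""
    data = f"{sender.lower()}|{msg_id}".encode()
    return hmac.new(SECRET, data, hashlib.sha256).hexdigest()

def decide(raw, envelope_from, whitelist):
    """Return 'deliver', 'challenge' or 'hold' for an incoming message."""
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    if sender in whitelist:
        return "deliver"
    # Item 1: never challenge anything that may itself be automatic.
    automatic = (
        envelope_from == ""  # null reverse-path: bounce or delivery report
        or msg.get("Auto-Submitted", "no").strip().lower() != "no"
        or msg.get("Precedence", "").strip().lower() in {"bulk", "junk", "list"}
        or msg.get("X-CR-Challenge") is not None  # hypothetical peer-challenge marker
    )
    # Item 8: mail that cannot be challenged is held for review, not deleted.
    return "hold" if automatic or not sender else "challenge"

def accept_response(sender, msg_id, presented, whitelist):
    """Verify a returned token; on success auto-whitelist the sender (item 6)."""
    ok = hmac.compare_digest(token(sender, msg_id), presented)
    if ok:
        whitelist.add(sender.lower())
    return ok

# Constructed sample messages.
HUMAN = "From: Alice <alice@example.org>\nMessage-ID: <m1@example.org>\nSubject: hi\n\nhello\n"
VACATION = "From: bob@example.net\nAuto-Submitted: auto-replied\nSubject: away\n\nout of office\n"
PEER = "From: carol@example.com\nX-CR-Challenge: 1\nSubject: please confirm\n\nconfirm\n"
```

The whitelist here is keyed on the `From` header, which is forgeable, so it is a convenience for known correspondents and not authentication of the sender.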