Yakov Shafranovich wrote:
As I mentioned before what we are trying to figure out is the intent of
C/R systems. We are aware that an automatic procotol can create a hole
for spammers but at least the spammers must have a valid return address.
The question remains: are C/R systems intended to verify that the
message arrived from a valid email address or are they intended to make
sure the sender is human?
fair enough. Obviously, I am coming into the middle of the conversation and am
trying to catch up.
I would argue that any form[1] of a challenge/response system is trying to
determine that the e-mail address is valid. It is unimportant and irrelevant as
to whether or not the sender was human. Any notification system (invoice from
sales, billing etc.) is not sent by human and will not have a usable return address.
A long-winded example of this was pointed out to me by a potential customer.
They were a financial house and they got notice of transaction completions by
e-mail from automated systems. They could not enumerate all of the systems they
get e-mail from so white lists were out of the question. They themselves were
unwilling to provide a real address for bounces from their own automated system
because they would not dedicate the personnel to sit there and handle all of the
messages[2]. For them, challenge response without automated handling was
completely unacceptable.
so, I'll argue for system that will allow automated systems to talk to each
other by e-mail without any human interaction.
---eric
[1] in their best forms, stamp and challenge/response systems are functionally
identical. A stamp can be thought of as a generated answer to an anticipated
question/challenge.
[2] on the other hand, they could justify spending a couple of salaries on
rooting through the spamtrap because they had once lost 1.5 million dollars on a
message that was stuck in the spamtrap for about an hour. If you ever want to
know why about something, follow the money.
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg