ietf-asrg
[Top] [All Lists]

RE: [Asrg] Re: Brad Templeton's C/R Guidelines

2003-05-29 15:11:45

Not sure I agree with preserving the original recipient's email address for
the challenge sender.  It's not really nice when a mail server starts
spoofing people's addresses.  Also, we monitor the bounces of the challenges
to auto-block bogus senders.  If the bounce goes back to the original
recipient, then the server can't tell what message is a bounce vs. normal
email.  One could inspect deep down into the message, but that's a bit
annoying...and intrusive.

Using a "system" email address for the challenge is representative of
exactly what is going on.  A C/R system is challenging a sender.  If the
challenge message bounces, it's returned to the system address which can
readily process it.  Anyway, it's arguable and therefore optional.  I agree
that a sender will more readily respond to a challenge message from someone
he knows, however, I don't like what's really happening.  In addition, if
someone sends a message to 10 people behind a C/R system, are 10 messages
returned?  Which sender is returned?  If you use a system address, it's
simple.

Also, modifying the subject line by prepending a "Re:" or "Fwd:" is just
plain creepy.  If I send a message to someone and they reply..but with their
email address and Re:subject line..then I open the message to find something
else inside...I just don't like that...some do..and do so for valid
reasons...I don't.

Yakov Shafranovich <research(_at_)solidmatrix(_dot_)com> writes:

Here is a list of C/R guidelines compiled by Brad Templeton, who
wrote one of the early C/R systems (from
http://www.templetons.com/brad/spam/challengeresponse.html).

_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg



<Prev in Thread] Current Thread [Next in Thread>