[Top] [All Lists]

RE: [Asrg] 6. Proposals - CRI Draft - 4.1 Loop Avoidance

2003-10-01 19:48:29
At 8:30 PM -0400 10/1/03, Eric Dean wrote:
If we start adding various messaging such as with DSNs...I don't think
that we should be hijacking a sender's email address to carry various
protocol information.

Perhaps. Just keep in mind that you need to interoperate with more than just other CR systems.

As an example, a user of a CR system sent mail to our support system. Our spam filters validated the sending email address by doing a MAIL FROM/RCPT TO. Then we generated an auto-reply. His CR system rejected the our auto-reply and we got a bounce report from our server. Then the CR system sent us two challenges. One went to the support system, but it didn't use the same subject, so it didn't have the ticket number, so it generated a new ticket, to which we responded (fortunately the CR system didn't challenge that as well). The other challenge was generated by the CR mail server, which generates challenges when it gets a RCPT TO, rather than when it gets a message (and they aren't the only ones who use that stunt). That reply went to a trap address that we use for the MAIL FROM--so no damage there, just annoyance.

So here's the count of messages sent.

User - 1
Support System - 2
CR System - 2

And of course we have a bogus support ticket to clear out.
And the user doesn't get any feedback that we've gotten their support request until it moves through the queue to a human. At which point our support folks have to go to the web site and answer the challenge.

Kee Hinckley         Next Generation Spam Defense  Writings on Technology and Society

I'm not sure which upsets me more: that people are so unwilling to accept
responsibility for their own actions, or that they are so eager to regulate
everyone else's.

Asrg mailing list