Hallam-Baker, Phillip wrote:
We have seen this mentioned here before. This approach to C/R by spammers
does have one beneficial side-effect: they must ensure that the challenge
gets back to a useful address. Thus, they can no longer forge everything
and
expect mail to get through.
The same effect can be achieved without negative impact on the end user
experience.
Beside regular C/R without Turing tests, I am not aware of something
that can do the same thing without changing something in the underlying
email architechture. The whole advantage of C/R is that it does not
require anything to be changed, but annoys end-users. If you can list
some other alternatives that can verify the return address, that would
be helpful.
Also, like Eric Dean mentioned, if the whole purpose of C/R is to verify
return addresses, adding an automated proposal like CRI would help
reduce the end-user problems, ASSUMING that return address verification
is useful at all.
(Just a note, I am not advocating C/R, just engaging in a discussion
about it)
Yakov
-------
Yakov Shafranovich / asrg <at> shaftek.org
SolidMatrix Technologies, Inc. / research <at> solidmatrix.com
"All that is gold does not glitter" (LOTR)
-------
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg