On Wed, Mar 23, 2005 at 03:51:33PM -0800, Douglas Campbell wrote:
Reversion of topic: The author of FairUCE is making some simplistic
assumptions about the nature of e-mail; for example, they send back a
challenge to the machine connecting to the recipient's e-mail server.
This is the thing I like most about it.
a) C/R systems currently work, as there is no standard (which is also
the crux, so they cannot be processed automatically)
b) as soon as there is some kind of standard, C/R systems will become
useless, as spammers will approve the R.
c) sending the C/R to the machine that emitted the suspicious messages
makes it even simpler for the spammer to ACK the C/R, even if the
sender address is faked.
There was an article on ZDNET that was quoted in a German business club
antispam forum. In that article they had an interview where the IBM person
said that they plan to kinda counter attack the sending machine to limit
its bandwidth and reduce the harm it causes.
"A few weeks of developing and testing can save a whole afternoon
in the library."
http://security.clevertech.net/adobe/sans_001213.pdf
\Maex
--
SpaceNet AG | Joseph-Dollinger-Bogen 14 | Fon: +49 (89) 32356-0
Research & Development | D-80807 Muenchen | Fax: +49 (89) 32356-299
"The security, stability and reliability of a computer system is reciprocally
proportional to the amount of vacuity between the ears of the admin"
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg