On Jun 1, 2005, at 8:53 AM, John Levine wrote:
My goal here is to minimize annoyance -- once you answer someone's
challenge, his challengebot shuts up. If you don't, every time he
gets another forged spam with your address in it, you get another
challenge.
(I'm switching the second-person 'you' in the quoted text to first-
person here..)
But doesn't this mean that if my email does get on a spam-list
somewhere, and other people have challengebots, then I'll potentially
be getting *lots* of challenges. In which case, the 'challenge'
email (initiated by the forged spam with my From address) becomes a
form of spam in itself. So I either 1) ignore ALL challenges, 2)
answer them all, or 3) need some kind of filter to figure out which
ones are from legitimate people as opposed to spam-bots.
Situation 3 is just what we have now, except it's harder because
there's less information in a challenge on which to decide whether
it's legit. In situation 1, challenges become useless (for anyone).
In situation 2, challenges also becomes useless.
So unless there's a hole in my logic here (there probably is), if
C/R systems are widely used, the will become useless, unless some way
of keeping forged email from being sent is found - which is one of
the big problems with spam..
Jim <back to lurk-dom>
"KILL THE BOTS!!"
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg