ietf-asrg

Re: [Asrg] Proposal: SMTPCR, a kinder/gentler Challenge/Response

2006-01-24 09:58:37

On Mon, 23 Jan 2006, Bart Schaefer wrote:

On Jan 22, 11:56pm, Walter Dnes wrote:
}
}   - Otherwise, if the email is not dropped or rejected (virus, etc), the
}     receiving MTA sends a 599 return *WITH A SHORT MESSAGE/URL POINTING
}     TO A CAPTCHA TEST*.  (It doesn't have to necessarily be 599; this is
}     just an example).

This technique is already "in the wild". It'd take me some considerable
digging to find the site, as it was a few weeks ago (it might be UC
Davis, but I really don't remember for sure), but I have encountered
an SMTP rejection where the 5.7.1 response text pointed to a web page
instructing one to paste the returned email message in a text area and
type the text from an image into another input field.

Perhaps from a departmental system or some such, but definitely not from
the central campus mail servers. We *do*, however, hand back these:

reject=550 5.7.1 Your mail server has been marked as sending spam. Visit
http://email.ucdavis.edu/rbl/index.php?ip=$&{client_addr} for more
information

to a lucky few.

Each night a script trawls our mail logs, and any IP which has handed
off to us more than 20 messages, of which more than 85% were tagged by
SpamAssassin, is added to our local RBL. Subsequent connection attempts
by a listed IP are met with the message above, which points people to
our RBL delisting request form.

As an aside, entries only reside in our RBL database for 60 days and are
then purged. ATM, we have > 26,500 entries; we've only received a total
of 338 delisting requests *total* since we implemented the blocking list
at the beginning of June. We currently reject 80,000-100,000 connections
per day based on the contents of our RBL.

There's no way we'd ever implement any C/R-like system on the central
servers.


-C
--
#!#!#!#!#!#!#!#!#!#!#!#!#!#!#!#!#!#!#!#!#!#!#!#!#!#!#!#!#!#!#!#!#!#!
Chris Callahan - UCD Information Technology - crcallahan(_at_)ucdavis(_dot_)edu
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"[T]he most important point being debated here today is whether
governments have the right to intrude on the privacy of their
citizens in such a way that citizens ultimately cannot have a
private conversation. I should be able to whisper in your ear,
even if your ear is a thousand kilometers away."  --Philip Zimmerman
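
The nightly pass described in the message above (more than 20 messages, more than 85% tagged, 60-day purge), sketched as an added example; it is not the UC Davis script or code from the list. The one-record-per-message input format, the function names, and the handling of the 60-day boundary and of relisting are assumptions, and the sample records are constructed.

```python
from collections import Counter
from datetime import date, timedelta

MIN_MESSAGES = 20          # list only IPs that handed off MORE than 20 messages
SPAM_PERCENT = 85          # ...of which MORE than 85% were tagged as spam
TTL = timedelta(days=60)   # entries are purged after 60 days

def nightly_candidates(lines):
    """Return the IPs in one night's records that cross both thresholds.

    Each record is 'IP verdict' with verdict 'spam' or 'ham' (assumed format).
    """
    total, spam = Counter(), Counter()
    for line in lines:
        fields = line.split()
        if len(fields) != 2 or fields[1] not in ("spam", "ham"):
            continue  # skip blank or malformed records instead of guessing
        ip, verdict = fields
        total[ip] += 1
        spam[ip] += verdict == "spam"
    # Integer comparison avoids float rounding at exactly 85%.
    return {ip for ip, n in total.items()
            if n > MIN_MESSAGES and spam[ip] * 100 > SPAM_PERCENT * n}

def update_rbl(rbl, lines, today):
    """Purge entries that have reached 60 days, then add tonight's IPs.

    rbl maps IP -> date listed. An IP already listed keeps its original date
    (assumption; the message does not say whether relisting resets the clock).
    """
    kept = {ip: listed for ip, listed in rbl.items() if today - listed < TTL}
    for ip in nightly_candidates(lines):
        kept.setdefault(ip, today)
    return kept

# Constructed sample records using documentation address ranges.
SAMPLE = (["192.0.2.10 spam"] * 19 + ["192.0.2.10 ham"] * 2      # 21 msgs, ~90%
          + ["198.51.100.7 spam"] * 20                           # only 20 msgs
          + ["203.0.113.5 spam"] * 34 + ["203.0.113.5 ham"] * 6)  # exactly 85%

if __name__ == "__main__":
    today = date(2006, 1, 24)
    rbl = {"198.51.100.99": today - TTL}  # constructed entry, now 60 days old
    print(update_rbl(rbl, SAMPLE, today))
```

Both thresholds are strict, so the sender with exactly 20 messages and the sender at exactly 85% stay off the list.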
