Re: very private e-mail
2003-11-04 10:56:17
At 12:39 2003-11-04 -0100, Klaus Johannes Rusch wrote:
See http://tmda.net/ or search for "procmail challenge response" using your
favorite search engines for implementations and opinions on this type of
filtering (in short, works well as long as the senders are not
robots/autoresponders that ignore your polite request for sending a
response to your challenge)
*AND* this causes specific troubles for operators of discussion lists, as
well as the participants on same. IF you're going to use a
challenge-response (C-R) system, be prepared to either fail to be able to
confirm s*bscriptions to new lists (when a never-before-seen email address
sends you a message requesting you to confirm your s*bscription by hitting
a website or replying with some specific text), or to get booted from lists
when the admin finds you're responsible for autoreplies of this nature to
every participant.
Be prepared to deal (or more appropriatley, NOT deal) with people who
decide that it isn't THEIR job to safeguard your inbox, and once they
receive a challenge when they're REPLYING to a message you posted on a
list, they opt to dump your mail rather than deal with the added work.
Further, take a few moments to consider the outcome of when YOUR C-R system
sends a message in response to someone elses' C-R (say, a different
implementation, so implementation-specific safeguards against this will
prove completely worthless).
You're much better off just whitelisting the people/lists you communicate
with - you'll likely lose much less mail, and will certainly annoy fewer
people.
I've seen enough people start using one of these systems and annoy the heck
out of tons of other people, or of the listadmin, and I've seen people fail
to be able to sign up for a list because their C-R system belts thest
things out at the listprocessor, and then they go emailing some support
person, via an address they find on a webpage, but the actual support
response comes from a different address, meaning even if your C-R system
auto-whitelists addresses you send messages to, the reply may still have to
contend with the C-R process. The systems which insist on sending these
responses out automatically for each incoming message, rather than sorting
out which addresses have been queried already, are exceptionally annoying -
by the time the responsible user even becomes aware that they're causing a
big problem for others, they've already been kicked off the list, and been
inserted into several individual killfiles, never to be removed.
Consider also VIRUSES. You know - the ones that forge the sender and From:
addresses to be some poor sap who just happens to be in the saves email or
addressbook of the infected user. Similarly, SPAM joe-jobs, where a
spammer deliberatley forges their From: to be the address of some poor sod
who has nothing to do with it, except perhaps the spammer knows that guy
complained about the spammer previously.
C-R isn't a cure - it offloads your problem onto other people - people who
are not responsible for your spam problem to begin with.
---
Sean B. Straw / Professional Software Engineering
Procmail disclaimer: <http://www.professional.org/procmail/disclaimer.html>
Please DO NOT carbon me on list replies. I'll get my copy from the list.
_______________________________________________
procmail mailing list
procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE
http://MailMan.RWTH-Aachen.DE/mailman/listinfo/procmail
|
|