Kreemy wrote,

> You can also search this list for "PYLM" (Prove you Love me) for
> reasons NOT to do this.

In retrospect, I regret having coined that term. It was engendered not
so much by the inherent flaws in the challenge-response idea as by
two faults in early implementations. One is not universal any more and
the other is actually rare.

The first one was failing to whitelist solicited mail, such as responses
to mail one sends or to one's public posts. *Some* C/R systems do
accept such mail for a limited time after one sends the solicitation.

The latter was wording the challenge nastily under the assumption that
any sending address not already on the whitelist was an invading spammer
who should be told to drop dead and burn in hell, rather than realizing
that such intruders are the ones who will *not* read the challenge, that
anyone actually reading the text of the challenge is either a legitimate
sender or a victim of a forgery. Today most challenges take the tone of
"my filters don't know you yet, at least not under that address, and
spam is just such a big problem that I'm forced to do this whenever mail
comes from an unrecognized address."

Challenge-response is still a bad idea, but I'd no longer use as harsh a
term as "pylming" for the way it's done nowadays.
_______________________________________________
procmail mailing list
procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE
http://MailMan.RWTH-Aachen.DE/mailman/listinfo/procmail