At 21:10 2005-07-25 -0600, Lloyd Standish wrote:
A spammer's return address is almost never one mail can be delivered to.
I think many of them are, as you say, faked.
The matter of faked isn't simply INVALID, but rather when the spammer
chooses to Joe-job someone, or just (as many viruses do these days) forge
mail using harvested email addresses.
bandwidth. The challenge is usually bounced back (from undeliverable
spammers' addresses and, I assume, forged spammer addresses)
You assume incorrectly - the challenge will successfully deliver into the
inbox of persons who hold valid email addresses who were forged. That'd be
a person who DID NOT send you an email.
On the other hand, this whitelist system (with challenge emails sent to
anyone not on the whitelist) allows me to simply discard spam rather than
try to filter it and identify it. I find it offensive to have to look
through spam for legitimate mail. This system frees me from that.
... and unloads your mailbox management upon the people sending you
emails. Such as responses to discussion list messages.
I routinely DO NOT respond to challenge-response ("PYLM" - Prove You Love
Me) schemes. They are not the answer. I'll more readily block someone at
my MTA than jump through hoops to get their system to quit sending me
confirmation requests. Esp if *I* was taking the time to answer a question
they sent to me or to a discussion list.
Is the cost in bandwidth necessary to implement a challenge-response spam
block system justifiable?
It isn't just bandwidth. It is moronic implementations and a lack of
standards - two PYLM systems could battle it out without either party
realizing that their communication isn't getting through to the other.
A personal gripe is the $#!THEADS that use PYLM schemes when s*bscribed to
discussion lists, and their implementation of PYLM ends up sending
challenges to every message posted to the list, even though those
individuals are not corresponding directly with said $#!THEAD.
Imagine providing answers to someone and then getting SEVERAL PYLM
challenges from different parties because of your participation.
Bottom line: if you use a challenge-response system, you should be prepared
for a drop in LEGITIMATE correspondance along with your drop in spam.
If you find a quick browse through a spam filter report to be annoying,
imagine not receiving responses to your messages.
---
Sean B. Straw / Professional Software Engineering
Procmail disclaimer: <http://www.professional.org/procmail/disclaimer.html>
Please DO NOT carbon me on list replies. I'll get my copy from the list.
____________________________________________________________
procmail mailing list Procmail homepage: http://www.procmail.org/
procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE
http://MailMan.RWTH-Aachen.DE/mailman/listinfo/procmail