procmail
[Top] [All Lists]

Re: challenge-response

2005-07-25 21:04:36
At 21:10 2005-07-25 -0600, Lloyd Standish wrote:
A spammer's return address is almost never one mail can be delivered to.
I think many of them are, as you say, faked.

The matter of faked isn't simply INVALID, but rather when the spammer 
chooses to Joe-job someone, or just (as many viruses do these days) forge 
mail using harvested email addresses.

bandwidth.  The challenge is usually bounced back (from undeliverable
spammers' addresses and, I assume, forged spammer addresses)

You assume incorrectly - the challenge will successfully deliver into the 
inbox of persons who hold valid email addresses who were forged.  That'd be 
a person who DID NOT send you an email.

On the other hand, this whitelist system (with challenge emails sent to
anyone not on the whitelist) allows me to simply discard spam rather than
try to filter it and identify it.  I find it offensive to have to look
through spam for legitimate mail. This system frees me from that.

... and unloads your mailbox management upon the people sending you 
emails.  Such as responses to discussion list messages.

I routinely DO NOT respond to challenge-response ("PYLM" - Prove You Love 
Me) schemes.  They are not the answer.  I'll more readily block someone at 
my MTA than jump through hoops to get their system to quit sending me 
confirmation requests.  Esp if *I* was taking the time to answer a question 
they sent to me or to a discussion list.

Is the cost in bandwidth necessary to implement a challenge-response spam
block system justifiable?

It isn't just bandwidth.  It is moronic implementations and a lack of 
standards - two PYLM systems could battle it out without either party 
realizing that their communication isn't getting through to the other.

A personal gripe is the $#!THEADS that use PYLM schemes when s*bscribed to 
discussion lists, and their implementation of PYLM ends up sending 
challenges to every message posted to the list, even though those 
individuals are not corresponding directly with said $#!THEAD.

Imagine providing answers to someone and then getting SEVERAL PYLM 
challenges from different parties because of your participation.


Bottom line: if you use a challenge-response system, you should be prepared 
for a drop in LEGITIMATE correspondance along with your drop in spam.

If you find a quick browse through a spam filter report to be annoying, 
imagine not receiving responses to your messages.

---
  Sean B. Straw / Professional Software Engineering

  Procmail disclaimer: <http://www.professional.org/procmail/disclaimer.html>
  Please DO NOT carbon me on list replies.  I'll get my copy from the list.


____________________________________________________________
procmail mailing list   Procmail homepage: http://www.procmail.org/
procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE
http://MailMan.RWTH-Aachen.DE/mailman/listinfo/procmail

<Prev in Thread] Current Thread [Next in Thread>