spf-discuss
[Top] [All Lists]

Re: [spf-discuss] throwaway domains and whois

2008-10-14 13:55:11
On Mon, 13 Oct 2008, David MacQuigg wrote:
I didn't see any response to my suggestion of sending a challenge to
the author via SMTP reject.  That still seem like the better alternative,
and one that doesn't have the "weak antibiotic" problem.

Uh, of all the anti-spam methods, C/R is probably the poster child for
the antibiotic problem.

When a single person uses a homebuilt C/R, it's extremely effective, with
the only false negatives being when the backscattering variant is used and
angry backscatter victims deliberately confirm forged e-mail to punish the
C/R user.

But if it's widely deployed, many people will be using identical C/R
software, and spamware will be extended to handshake with it.  Captcha is
not an impregnable obstacle.

We just haven't seen this because most people competent enough to
implement C/R reject it out of hand due to the backscatter problem, which
has clamped usage to the point that spammers haven't had to adapt.

C/R in the 550 message, as you propose, avoids the backscatter problem
but not the antibiotic problem.  It also has the issue that some senders
may not ever see the 550 text.

---- Michael Deutschmann <michael(_at_)talamasca(_dot_)ocis(_dot_)net>


-------------------------------------------
Sender Policy Framework: http://www.openspf.org
Modify Your Subscription: http://www.listbox.com/member/
Archives: https://www.listbox.com/member/archive/735/=now
RSS Feed: https://www.listbox.com/member/archive/rss/735/
Powered by Listbox: http://www.listbox.com