[Nottingham] Challenge-Response systems
Simon Huggins
huggie at earth.li
Fri Nov 4 10:47:05 GMT 2005
On Fri, Nov 04, 2005 at 11:26:29AM +0100, Michael Erskine wrote:
> On Friday 04 November 2005 10:05, Simon Huggins wrote:
> > Ha ha ha. Michael Simms, the guy that started the long flame fest,
> > has previously expressed his views in favour of this subject very
> > vocally on this very list.
> Well I think he would - he wrote it!
Sorry, what did he write? All challenge response software?
> > Personally I hate them as they only inconvenience the sender of mail
> > and push all the effort there.
> It's quite a small effort and one that spam senders don't expend: so
> it works.
How can I verify that this Challenge is legit and not generated by a
spam that had a forged From: with my address without expending a large
amount of effort to check the subject and date on the mail(s) I sent to
whichever recipient of the many I send to?
What if I fire off an email and then turn my monitor off for the
weekend?
How long before spammers fake up CR challenges to verify if an address
really is getting to a person?
It just doesn't work.
Try dspam for spam filtering, arguably with greylisting and severe
header checks (sender callouts etc) and certainly reject at SMTP time
where possible.
Simon.
--
Black Cat Networks -( "There's no emoticon for what I'm )-
UK domain, email and web hosting -( feeling!" -- Comic Book Guy, The )-
http://www.blackcatnetworks.co.uk -( Simpsons. )-
More information about the Nottingham
mailing list