[Nottingham] Challenge-Response systems

Simon Huggins huggie at earth.li
Fri Nov 4 10:47:05 GMT 2005

On Fri, Nov 04, 2005 at 11:26:29AM +0100, Michael Erskine wrote:
> On Friday 04 November 2005 10:05, Simon Huggins wrote:
> > Ha ha ha.  Michael Simms, the guy that started the long flame fest,
> > has previously expressed his views in favour of this subject very
> > vocally on this very list.
> Well I think he would - he wrote it!

Sorry, what did he write?  All challenge response software?

> > Personally I hate them as they only inconvenience the sender of mail
> > and push all the effort there.
> It's quite a small effort and one that spam senders don't expend: so
> it works. 

How can I verify that this Challenge is legit and not generated by a
spam that had a forged From: with my address without expending a large
amount of effort to check the subject and date on the mail(s) I sent to
whichever recipient of the many I send to?

What if I fire off an email and then turn my monitor off for the

How long before spammers fake up CR challenges to verify if an address
really is getting to a person?

It just doesn't work.

Try dspam for spam filtering, arguably with greylisting and severe
header checks (sender callouts etc) and certainly reject at SMTP time
where possible.


        Black Cat Networks        -(  "There's no emoticon for what I'm  )-
UK domain, email and web hosting  -(  feeling!" -- Comic Book Guy, The   )-
http://www.blackcatnetworks.co.uk -(              Simpsons.              )-

More information about the Nottingham mailing list