Re: TMDA and other challenge-response systems considered harmful
On Tuesday 01 June 2004 08:29, Tom Allison wrote:
[...]
> They are also a pain in the neck when you get a CR sent to a
> mailing list.
>
> But most importantly, and this is from personal experience here,
> they are not very useful. I played with a CR mechanism for a few
> months on my own mail server and found that I was severely defeated
> by one simple mechanism. The spammers would fire off their mail
> and auto-respond to my CR. That created an entirely automated
> system to whitelist their spam into my server.
Wow, what nice spammers you meet: give you real addresses. Mine all
use fake sending addresses, so would never receive any challenge I
sent. In fact, that is why I always thought some sort of challenge
system would be effective - it would remove 99% of the spam that
comes my way, which I, ignorantly, assumed was a representative
sample.
--
richard