
Re: TMDA and other challenge-response systems considered harmful



On Tuesday 01 June 2004 08:29, Tom Allison wrote:
[...]
> They are also a pain in the neck when you get a CR sent to a
> mailing list.
>
> But most importantly, and this is from personal experience here,
> they are not very useful.  I played with a CR mechanism for a few
> months on my own mail server and found that I was severely defeated
> by one simple mechanism.  The spammers would fire off their mail
> and auto-respond to my CR.  That created an entirely automated
> system to whitelist their spam into my server.

Wow, what nice spammers you meet: give you real addresses.  Mine all 
use fake sending addresses, so would never receive any challenge I 
sent.  In fact, that is why I always thought some sort of challenge 
system would be effective - it would remove 99% of the spam that 
comes my way, which I, ignorantly, assumed was a representative 
sample.

-- 
richard


