Re: tmda: Challenge-response is fundamentally broken

To: debian-devel@lists.debian.org
Subject: Re: tmda: Challenge-response is fundamentally broken
From: Andreas Metzler <ametzler@logic.univie.ac.at>
Date: Wed, 27 Aug 2003 14:49:51 +0200
Message-id: <[🔎] 20030827124951.GD1801@balrog.logic.univie.ac.at>
Mail-followup-to: debian-devel@lists.debian.org
In-reply-to: <[🔎] uiun0dv1n94.fsf@echo.linpro.no>
References: <[🔎] uiun0dv1n94.fsf@echo.linpro.no>

On Wed, Aug 27, 2003 at 11:08:23AM +0200, Tore Anderson wrote:
> severity 207300 grave
> quit
> 
> * Karsten M. Self
>> Briefly:  challenge-response (C-R) spam fighting systems are
>> fundamentally broken by design.
[...] 
>   You just spammed me with one of your "challenges", Adam.  I do not
>  think I have ever before sent you an e-mail, and I am 100% certain I
>  have never sent you any trojan horse designed to break Microsoft
>  Outlook.  Upon inspection of the headers, I see you did so even after
>  the message scored >10 in your SpamAssassin filter.  Surely you are
>  aware of the fact that such junk mail tend to have forged From:
>  headers?
> 
>   How many other innocent third parties have you spammed through the use
>  of this broken program?  How many of these are Debian users, do you
>  think?
[...]

I suggest cloning this bug against vacation and probably exim4, as it
includes its own vacation-service.
               cu andreas

Reply to:

References:
- Re: tmda: Challenge-response is fundamentally broken
  - From: Tore Anderson <tore@linpro.no>

Prev by Date: Re: tmda: Challenge-response is fundamentally broken
Next by Date: Re: NMUs applying sleeping wishlist bugs about translation (was something else)
Previous by thread: Re: tmda: Challenge-response is fundamentally broken
Next by thread: Re: tmda: Challenge-response is fundamentally broken
Index(es):
- Date
- Thread