Re: tmda: Challenge-response is fundamentally broken
On Wed, Aug 27, 2003 at 11:08:23AM +0200, Tore Anderson wrote:
> severity 207300 grave
> quit
>
> * Karsten M. Self
>> Briefly: challenge-response (C-R) spam fighting systems are
>> fundamentally broken by design.
[...]
> You just spammed me with one of your "challenges", Adam. I do not
> think I have ever before sent you an e-mail, and I am 100% certain I
> have never sent you any trojan horse designed to break Microsoft
> Outlook. Upon inspection of the headers, I see you did so even after
> the message scored >10 in your SpamAssassin filter. Surely you are
> aware of the fact that such junk mail tend to have forged From:
> headers?
>
> How many other innocent third parties have you spammed through the use
> of this broken program? How many of these are Debian users, do you
> think?
[...]
I suggest cloning this bug against vacation and probably exim4, as it
includes its own vacation-service.
cu andreas
Reply to: