
Re: tmda: Challenge-response is fundamentally broken (RAPNAP)



On Sat, 2003-09-06 at 08:32, Russell Coker wrote:

> Here's how it works.  Spammer creates account live2spam@hotmail.com and sends 
> their first spam to a C-R system, when the challenge comes in they 
> acknowledge it and from then on the C-R system does not bother them because 
> they keep using the same small range of IP addresses.  Hotmail cancels their 
> account pretty quickly, but as the C-R system does not send any changes 
> unless they change their IP address (and they don't change their IP address 
> to avoid C-R systems) then it's not a problem for them.

Spammer pays the pay2send infrastructure ten thousand dollars in
advance to send from the return address live2spam@hotmail.com, and
all participating mail gateways bill out of the payment made in advance,
and when the ten thousand runs out, the mail from live2spam@hotmail.com
is no longer relayed.

The C-R system prevents someone who is not using spammer's IP address
from forging live2spam@hotmail.com as a return address and stealing part
of spammer's postage budget.

Don't hate spammers, figure out a way to bill them.  They are in
business, they pay for things, they expect to be billed.  Everyone
who has considered sender-pays agrees that it provides a better solution
than legislation.
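
The scheme described in this message, sketched as an added example (not code from the post or from any pay2send or TMDA implementation): a gateway debits a prepaid balance only for mail arriving from a (return address, IP) pair that has answered a challenge, so forged mail from another IP is held and never billed. The class, method names, flat per-message price and exact-IP matching are all assumptions made for illustration.

```python
import secrets

class PostageGateway:
    """Toy model: prepaid postage per return address, spendable only from
    (address, IP) pairs that answered a challenge. All names are hypothetical."""

    def __init__(self, price_cents=1):
        self.price_cents = price_cents   # assumed flat postage per message
        self.balances = {}               # return address -> prepaid cents
        self.confirmed = set()           # (address, ip) pairs that answered
        self.pending = {}                # challenge token -> (address, ip)

    def deposit(self, address, cents):
        self.balances[address] = self.balances.get(address, 0) + cents

    def receive(self, address, ip):
        """Return (verdict, token); token is what would be mailed to `address`."""
        if (address, ip) not in self.confirmed:
            # Unknown source: hold the mail and challenge the return address.
            # Nothing is billed, so a forger cannot drain the balance.
            token = secrets.token_hex(16)
            self.pending[token] = (address, ip)
            return ("challenge", token)
        if self.balances.get(address, 0) < self.price_cents:
            return ("refuse", None)      # prepaid postage exhausted
        self.balances[address] -= self.price_cents
        return ("relay", None)

    def confirm(self, token):
        """Called when the mailbox owner answers the challenge."""
        pair = self.pending.pop(token, None)
        if pair is None:
            return False                 # unknown or already used token
        self.confirmed.add(pair)
        return True

def demo():
    # Constructed scenario: documentation-range IPs, 2 cents of postage.
    sender = "live2spam@hotmail.com"
    gw = PostageGateway(price_cents=1)
    gw.deposit(sender, 2)
    verdict, token = gw.receive(sender, "192.0.2.10")   # first contact
    verdicts = [verdict]
    gw.confirm(token)                                   # owner answers
    for ip in ("192.0.2.10", "198.51.100.7", "192.0.2.10", "192.0.2.10"):
        verdicts.append(gw.receive(sender, ip)[0])      # second IP is a forger
    return verdicts, gw.balances[sender]
```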



