on Mon, Sep 08, 2003 at 03:40:15PM +1000, Matthew Palmer (mpalmer@debian.org) wrote: > On Mon, Sep 08, 2003 at 06:04:39AM +0100, Karsten M. Self wrote: > > on Mon, Sep 08, 2003 at 01:57:54PM +1000, Matthew Palmer (mpalmer@debian.org) wrote: > > [W3C's autoresponder] > > > > This one's a bit different. It's only asking for permission to archive > > > posts to the list - I guess W3C's just trying, as hard as possible, to avoid > > > any possible legal problems. > > > > It's still an instance in which the autoresponse would not have been > > triggered had any half-decent AV/AS system been used to filter out > > spam and viruses. This was a response to the SoBig.F worm. > > Sorry, I didn't make my position sufficiently clear. This system is > as broken as every other Challenge-Response, in that it has the > potential to annoy the shit out of a lot of people very easily, and > become a nice anonymous harassing agent. > > I was just making the point that it isn't the same as a regular C-R > system, in that the intent wasn't so much to say "I want to make sure > you're not a spammer" and more "I want to make sure you agree to your > posts being publically archived" - at the very least it's a little > less offensive than normal (it's not saying "You're a spammer - prove > me wrong!"). Agreed. This is the difference between broken-by-configuration, and broken-by-design. I wasn't saying that the problem was identical to that of C-R, only that _any_ autoresponder should make reasonable efforts not to do Joe-Jobs. MTA behavior can be fixed (or at least greatly remedied) by filtering. C-R cannot as it assumes the solution to the problem is to offload the authentication on a third party, itself unverified, unknown, unauthenticated, and untrusted. Peace. -- Karsten M. Self <kmself@ix.netcom.com> http://kmself.home.netcom.com/ What Part of "Gestalt" don't you understand? The truth behind the H-1B IT indentured servant scam: http://heather.cs.ucdavis.edu/itaa.real.html
Attachment:
pgpgSDpLAm6Vd.pgp
Description: PGP signature