Sent to list.
On Thu, 2004-06-10 at 14:31, Jaroslaw Tabor wrote:
> Hello!
>
> W liście z czw, 10-06-2004, godz. 19:06, Greg Folkert pisze:
> > > Don't do it. Confirmation systems are just as bad as the problems that they
> > > try to solve.
> >
> > Here, here. Agreement on all fronts. If I get a challenge, I put it into
> > /dev/null
>
> I'm really surprised with your opinion. Is it so big problem, to press
> reply, when you are sending first email to someone new ?
> You are receving confirmation request whenever you are trying to update
> DNS, subscribe to newsgroup or talking with any automatic service. Is it
> so difficult ?
You see there is a difference there. *I* initiated them, not some
spammer. If someone doesn't want mail that could be very valuable to
them, especially if they asked for it on D-U... forcing me to write
another e-mail JUST to help them... nope, ain't gonna happen.
> Currently, in many cases when I'm sending email to address found on
> website I'm receiving challenge, and I fully understand people doing it.
> Whitelist with email/IP can decrease also number of challenges from
> spammers: email comming from different IP can be treated as spam
> automatically.
I implemented SPAM Filtering software and have continued to train it
with ham and spam. I started when last year when I was getting ~ 6,000
Swen e-mails a day. My e-mail address is posted EVERYWHERE.
Since that point, I get maybe 3 a day. When they ("they" being the
spmmers) find a new way to trick the Bayesian testing I use I'll get a
spat of about 12 or so for a few days then back to maybe 3 a day. I use
server side software (maildrop and procmail) to do the sorting after it
has been graded by the filter.
I still get upto 1000 e-mail messages a day, but those are from mailing
lists and people I support via e-mail. If I had a CR system in place,
I'd have to maintain more than I want. Consider in a given day, I e-mail
about 30+ new people a day.
I also can be and am very busy in Debian's Mailing list(s), Samba, Exim,
Grip, Elitists and many other venues. If I got a CR back for every one
of the e-mails I sent to a mailing list, I'd be answering thousands of
NEW Challenges a week. Sounds like SPAM to me. When you understand that
nearly every challenge I get comes from a forged envelope-from(or
similar), I can't see how it reduces the problem, it just double perhaps
triples the amount of mail traffic. Plus some are web-server driven
auth, thereby causing a loading of the program and grabbing of the URI
indicated in the e-mail I got from the Challenge.
So, basically: You get a piece of SPAM, your systems sends out another
piece of e-mail that is in response to the forged envelope, (assume) I
get this e-mail and then have to delete this mail or respond to it (a
third message) or goto a URI inside the Challenge (more processor time
and bandwidth) just so *YOU* can verify my message was or was not SPAM?
I consider sending me e-mail in Challenge form as unsolicited e-mail.
Therefore under my classification SPAM. Why should *I* verify your SPAM
problem for you. I deal with mine, and mine alone. I am not going to
spend resources (at my cost of those resources) to verify or not it
being SPAM.
Of course if everyone just affirmed the Challenge every time, it would
definitely not work. Where as my solution would continue to.
I also drop all of the "courtesy" notifications that *I* sent an
infected e-mail to a certain domain's user. There is another example of
Unsolicited E-Mail. I don't care to know that someone forged my e-mail
addy inside the one someone got. It does me absolutely ZERO good to even
read these. I have an automated system to send those to /dev/null as
well.
I deal with enough mail per day, CR systems DO NOT reduce my number,
Spam filtering does.
BY the way, I do support Whitelisting and Blacklisting to make sure
things I want to absolutely get through do, and things I don't won't.
BTW, are you not glad *I* don't CR everyone that e-mails me? It could
have taken you 3 messages to get me to see one.
--
greg@gregfolkert.net
REMEMBER ED CURRY! http://www.iwethey.org/ed_curry
Novell's Directory Services is a competitive product to Microsoft's
Active Directory in much the same way that the Saturn V is a competitive
product to those dinky little model rockets that kids light off down at
the playfield. -- Thane Walkup
Attachment:
signature.asc
Description: This is a digitally signed message part