Re: Look at these update from M$ Corporation.

To: debian-user@lists.debian.org
Subject: Re: Look at these update from M$ Corporation.
From: David Fokkema <dfokkema@ileos.nl>
Date: Sat, 2 Aug 2003 22:20:10 +0200
Message-id: <[🔎] 20030802202010.GG3025@sirius.ileos.home>
Mail-followup-to: debian-user@lists.debian.org
In-reply-to: <[🔎] 20030802170625.GA955@earthlink.net>
References: <[🔎] 20030802170625.GA955@earthlink.net>

On Sat, Aug 02, 2003 at 10:06:25AM -0700, Alan Connor wrote:
> I am REALLY sick of ignorant (or disinformational ) posts like this one.

I am REALLY sick of posts like your one.

> The argument to the X-CR header is a password. A unique password to the
> transaction.

And then the address is whitelisted, right? And then that person can
send you mails without being challenged all the time, right? And then a
spammer can forge some headers and use that very same address and not be
challenged, right? Right? Right. Yes, they can. No, your system doesn't
check for forged headers because it can't distinguish them. Yes, given
time, especially if C-R is implemented on a large scale, spammers
_will_ make use of whitelisted addresses.

> Please do your homework or get a brain, or acquire some ethics, whichever
> of these applies.

I have done my homework, have a brain, have some ethics and still see
your reasoning to be flawed. Should I copy your homework, ditch my brain
and let my ethics be programmed by some loser instead?

> Now. Anyone who wants to learn about CR mail programs can visit my site, or
> mail me  or check out  Professor Timo Salmi's pages.
> 
> http://www.uwasa.fi/~ts/info/spamfoil.html   
> 
> http://www.uwasa.fi/~ts/info/proctips.html  

I read through the tmda pages. Still, I like the general concept,
although it simply does not work perfectly. For people not minding to
offend others and lose at least some good mail, it might perform almost
perfectly.

> For those of you who don't like CR systems:  
> 
> 
> Write your congressperson....You are boring the stuffing out of me.
> 
> And no, you can't just fire off a mail to me whenever you feel like it.
> That's what the list and newsgroups are for.

Let me see... If I send you a personal mail, reply to your challenge, my
address is whitelisted, right? And already forged headers have shown to
blow your scheme away. Let me apply for a hotmail address, send you a
mail, get whitelisted, scan for an open relay, forge some headers and
write a harrassing mail which will be sent out one thousand times to
you. Can be done by a near newbie bash scripter within the hour, I
guess...

David

Reply to:

References:
- Re: Look at these update from M$ Corporation.
  - From: Alan Connor <alanconnor@earthlink.net>

Prev by Date: Exim, alias patterns
Next by Date: Re: Question about SCSI IMMED flag in cdrecord!
Previous by thread: Re: Look at these update from M$ Corporation.
Next by thread: Re: Look at these update from M$ Corporation.
Index(es):
- Date
- Thread