Re: Challenge-response mail filters considered harmful (by spammers)
There is SO much misunderstanding (and disinformation) about CR systems here.
Let's say I was going to mail a business. Here's what would happen:
The address that I mailed to would go into the temporary part my passlist
automatically, and any mail from that address for the next 7 days would be
accepted. Likely, all I would get is an auto-response from that address.
The sig would look like this:
--
Please include this signature in any response to this mail. Thank You.
030303284857463625397654736322637485969437549596969685747
The first 6 characters are the date, UTC, making it easy to expire the password
in a week, with a different one going out with each mail.
Since including the initial mail in the reply is standard practice in the
business world, and with most individuals for that matter, there is nothing
remotely unusual or discomfiting about the request.
I do the same with any individuals I initiate contact with. No one has ever
said a word about it, except perhaps to ask what it is about.
The procmail recipe, for my fellow hackers out there, is simplicity itself:
:0 B:
* .*030303284857463625397654736322637485969437549596969685747
inbox
This also goes in the temporary section of my passlist.
To generate the number you can do:
echo "`date -u +%m%d%y`"$RANDOM""$RANDOM""$RANDOM""$RANDOM""$RANDOM""$RANDOM"\
"$RANDOM""$RANDOM""$RANDOM""$RANDOM""$RANDOM"" | sed 's/\(^.\{55\}\)\(.*\)/\1\
/' > file
(if anyone can clean that up for me, I'd appreciate it.)
See? Who is inconvenienced? Can a spammer beat that? NO.
Alan
--
For Linux/Bash users: Eliminate spam with the Mailbox-Sentry-Program.
See: http://tinyurl.com/inpd for the scripts and docs.
Reply to: