Re: Challenge-response mail filters considered harmful
On (05/08/03 13:17), Alan Connor wrote:
> > From firstname.lastname@example.org Tue Aug 5 12:33:25 2003
> > As a disinterested observer (who currently has yet to get grips with
> > filtering spam - I do it manually at present) this argument seems to be
> > somewhat circular and repetitive .... or maybe I'm missing some subtle
> > illumination ... or maybe it is Monty Python ;)
> No. You are perfectly right. The circularity comes from the fact that there
> are a lot of people who think they have the right to force others to read
> any mail they choose to send them, anonymous or not.
> So they are dead-set against CR programs. Since most of their arguments have
> no merit at all, they are forced to continually re-phrase and re-circulate
> They also simply refuse to face the fact that if you are going to accept
> anonymous mail, you are going to be vulnerable to spamming and harassment.
> A telephone analogy is helpful:
> They are saying that they have the right to call anyone they want, without
> giving their phone number or permitting it to be verified.
> This is completely unreasonable, because the caller
> obviously has the callee's number and has verified it by calling them with
> With the telephone you have Caller ID. This doesn't exist on the Internet.
> The only reasonable equivalent is a CR program.
> Anyone who finds pasting a short string on a mail that is otherwise complete
> and clicking send , ONCE in a lifetime, in order to correspond with someone,
> is not a reasonable person. Myself and many others do not WANT such people
> to have access to their mailbox.
In my limited acquaintance with Linux (Debian in particular) I have
learnt there are many ways in which to solve a particular problem and
the choice of packages or solutions is largely a matter of personal choice
(in my case by following much of the guidance from this list).
In following this thread I deduce that for some, C-R solutions provide
effective blocking of unwanted emails (spam, viruses or others). It
would however, appear too effective for some, who would prefer to
exercise more direct control; specifically they want to be able to
choose whether to accept mail from someone they don't know (which wouldn't
necessarily be spam). I realise that Challenge Response provides a
mechanism to allow the correspondent to verify their identity but can
equally recognise that this may sometimes be inappropriate.
The PGP signature issue would seem to be tangential to the discussion
which is really about filtering (spamassassin etc) versus C-R (MSP
specifically). I am sure that for some your Challenge Response program
will be ideal but for others (and I suspect I will follow this
approach) spam filtering is the preferred approach. Both seem to have
their pros and cons but like so many packages in Debian their existance
makes the choice richer for us all.
Thanks for the illuminating discussion ;)