[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Challenge-response mail filters considered harmful

Also sprach Alan Connor (Tue 05 Aug 02003 at 05:43:58PM -0700):
<snip />

> I know that some folks here have said that all the headers can be
> forged, but they are either ignorant or lying.

Please, support this with something other than your opinion, or desist.

> I have NEVER gotten spam from a forged passlisted domain address that
> got past other tests based on a mail solicited by me from that domain.

O, I'm sorry, Alan, so you *DO* use _other_ tools to combat spam?
Please, explain . . .

> I have almost 3 dozen domains on my passlist. Most have never sent any
> mail to me....But I have mailed them and gotten a response that allowed
> me to write a simple filter that will dump any mail whose headers don't
> reasonably conform to the pattern.

So, basically, *ALL* mail from those domains will pass -- UN-challenged
-- by your C-R system?  And, _none_ of those emails can possibly contain

> That's the thing about CR systems: You focus on what you WANT, rather
> than what you don't want.

How does this jive with your usage of ``other tests'' -- or, isn't C-R
adequate to the task of providing you with ``what you WANT'' ???

> > I realise that Challenge Response provides a
> > mechanism to allow the correspondent to verify their identity but can
> > equally recognise that this may sometimes be inappropriate.
> Once again, CR has NOTHING to do with verifying identity. It just
> requires strangers to give their real address if they want to talk to
> you.

Please, *WHICH* is my real address?  I have and regularly use eight (8)
email addresses, depending on where I'm at, in which client's facility,
on which ISP's network, &c.  I wish that I did not need more than one
email address; but, for me, that is *NOT* possible.

So, Alan, please, tell me which address is my ``real address'' !?!?

And, suppose that that address in the headers of this post was used to
communicate with you, and then I used another address in effort to
communicate with you, which is my ``real address'' and which my UN-real

O, and please, please, use your ``real address'' while posting to this
list, and can you try just a little harder to follow threads?

Thank you . . .

Best Regards,

mds resource
Dare to fix things before they break . . .
Our capacity for understanding is inversely proportional to how much
we think we know.  The more I know, the more I know I don't know . . .

Attachment: pgpuaGQdRqVgf.pgp
Description: PGP signature

Reply to: