[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Challenge-response mail filters considered harmful



At 2003-08-06T19:36:27Z, Alan Connor <alanc@kanga.honeypot.net> writes:

Alan,

<shout>
FIX YOUR STUPIDLY BROKEN FROM: HEADER!  YOU ARE *NOT* IMPROVING YOUR
CREDIBILITY.
</shout>

> It goes in cron.daily and checks all the password/address combos for
> Challenge-Responses that were issued more than 48 hours in the past, and
> for which a reply has not been received.

That's the dumbest idea I've heard yet.  *All* of your email contacts have
good connections and check their mail daily?

Let me shoot you a scenario:

1) My relative, an older lady with a WebTV, sends me an email after I've
   installed your system.

2) She promptly goes offline to watch TV, garden, or do whatever else she
   uses to fill the time that people like you and me don't have because we
   spend their days writing free software.

3) My shiny new challenged-response filter waits 48 hours before dropping
   her email address from my waiting list and deleting her message to me.

4) Next week, she goes online and gets an email from her younger relative.
   She's confused, because she doesn't know a lot about computers or the
   Internet, but it says to hit reply, so she does.

5) She never hears from me again, spends the rest of her days cold and
   lonely, and removes her ungrateful younger relative from her will.

Tell me again which part of this is better than SpamAssassin, which would've
said "let's see, no 'get rich quick', no 'Nigeria', no 'enlarge your cable
descrambler', OK, send it!"
-- 
Kirk Strauser

Attachment: pgpaxCgMLFgIS.pgp
Description: PGP signature


Reply to: