
Re: MS mail bombs



on Mon, Sep 22, 2003 at 07:03:47PM -0600, Jacob Anawalt (jacob@cachevalley.com) wrote:

> There's a company that provides this service. First time emails to you get
> an auto-response "You aren't authorized to send me email, visit this web
> page to get authorized" or something like that. I Googled and can't find
> it again. Interesting idea.

This is known as "challenge-response", and as an anti-spam / anti-virus
method, without mitigation, it's simply unacceptable.

Swen spoofs addresses resolving to nonexistent addresses (challenge to
Verisign), Microsoft (ditto), or Morgan Stanley (ms.com).  As Verisign
has elected to receive this crap, and Microsoft is responsible for the
problem, I'm not shedding tears for their admin teams.  Morgan Stanley,
however, is taking a hit on about 5% of all Swen bounces, and is a
completely innocent party.  When their lawyers pay you a visit for
Joe-job DDoSing them, note you've been warned.

SoBig.F spoofed arbitrary senders.  Same problem except that the load
was more broadly distributed.

I've received far more invalid, than valid, C-R challenges.  This is
simply spam by another name.

    http://kmself.home.netcom.com/Rants/challenge-response.html

...also discussed at some length in d-u last month.

Peace.

-- 
Karsten M. Self <kmself@ix.netcom.com>        http://kmself.home.netcom.com/
 What Part of "Gestalt" don't you understand?
   At the sound of the toner, boycott Lexmark:  trade restraint via DMCA.
    http://news.com.com/2100-1023-979791.html
