What would happen to Challenge/Response if ...
I've been looking at a lot of options for dealing with Swen
and the next Sobig, soon to arrive. In the discussions here,
I learned that some people use tmda as a part of their spam
defense, and looking into it I soon learned that
TMDA == C/R
I had already heard that C/R is a bad thing, but I didn't hadn't
really read much about what it really is. So I read. And as I read, I
thought... You can object to it because it puts messages in your
mailbox that are themselves spam, when you did nothing wrong, and that
is at best annoying. Or, you can object to it because it is bad as a
matter of public policy. Or, perhaps both. And then I thought if it
annoys you, why don't you configure your MTA to autoreply to the
request for confirmation? It seems to me that it would be easily
recognized by an appropriate filter. The your reply would authorize
the sender of the challenge to look at the spam/swen that is already
on his computer. (It annoys you that he wants you to authorize him to
do something that you care nothing about? But by giving him that, he
is gone.) You would never see the transaction. You should filter the
acknowledgement email that he also sends when he recieves your
response. For it, you simple send to /dev/null. There will be no more
followup challenges, because you have responded. You should be careful
to not include the body of the challenge message in your
response. That would really add clutter to the internet. Instead,
craft your response to be as terse as possible.
What is the downside of doing this? Am I crazy?
I bet I'm not crazy, so the next question is: Will someone work out the
details of an exim/procmail setup that does this, and post it? I've
looked at the docs of exim and am intimidated.
I don't need it, because I've never been challenged. I'm just thinking
Paul E Condon