Re: Look at these update from M$ Corporation.

To: debian-user@lists.debian.org
Subject: Re: Look at these update from M$ Corporation.
From: Colin Watson <cjwatson@debian.org>
Date: Fri, 1 Aug 2003 21:17:28 +0100
Message-id: <[🔎] 20030801201728.GA1983@riva.ucam.org>
Mail-followup-to: debian-user@lists.debian.org
In-reply-to: <[🔎] 20030801181823.GA618@earthlink.net>
References: <[🔎] 20030801181823.GA618@earthlink.net>

On Fri, Aug 01, 2003 at 11:18:23AM -0700, Alan Connor wrote:
> Colin Watson wrote:
> > On Fri, Aug 01, 2003 at 02:38:10AM -0700, Alan Connor wrote:
> > > I should have added that  debian.org is on my pass list. The
> > > domain name.
> > > 
> > > Anyone mailing me from any address there wouldn't even know I was
> > > running a C-R system.
> > 
> > A fair proportion of my spam comes from debian.org addresses;
> > spammers are becoming more adept at forging sender addresses,
> > frequently by pulling addresses from e.g. web pages and using one
> > address as the source and the others as the target, so the
> > recipients are likely to know the alleged sender.
> > 
> > I predict that challenge-response systems will become increasingly
> > less useful as time goes on due to this trend.
> 
> Once again you demonstrate your ignorance of, or prejudice against C-R
> systems

I do not dispute that they eliminate spam, at least with the current
generation of spamming technology. I merely claim that they are far from
invulnerable, in particular to false positives. Some people care about
this, some don't, and that's fine. However, *please* accept the
existence of the other camp!

If you wish to mischaracterize every genuine disagreement as "ignorance"
or "prejudice", then I'm afraid that I have no time to debate with
somebody with the zeal of a missionary.

> Mail from debian.org to me must COME from debian.org...
> 
> Don't tell me you have never heard of Received: headers? (etc.)

So, my mails (not mails through this list, but direct mails) are sent
through debian.org systems, are they? That's interesting. And you've
never encountered a spammer forging Received: headers? I think you're
mistaken on both counts. I've read your script and I don't see how it
could defend against forged Received: headers, even in principle.

Frankly, your bare hostility and responses of abuse to any criticism of
your baby is not an approach likely to convince people ...

Cheers,

-- 
Colin Watson                                  [cjwatson@flatline.org.uk]

Reply to:

Follow-Ups:
- Re: Look at these update from M$ Corporation.
  - From: Manoj Srivastava <srivasta@debian.org>

References:
- Re: Look at these update from M$ Corporation.
  - From: Alan Connor <alanconnor@earthlink.net>

Prev by Date: 2.4.18-586tsc pcmcia troubles
Next by Date: Re: User Mangment: LDAP, AFS, Kerberos
Previous by thread: Re: Look at these update from M$ Corporation.
Next by thread: Re: Look at these update from M$ Corporation.
Index(es):
- Date
- Thread