Re: Look at these update from M$ Corporation.
On Fri, Aug 01, 2003 at 11:18:23AM -0700, Alan Connor wrote:
> Colin Watson wrote:
> > On Fri, Aug 01, 2003 at 02:38:10AM -0700, Alan Connor wrote:
> > > I should have added that debian.org is on my pass list. The
> > > domain name.
> > >
> > > Anyone mailing me from any address there wouldn't even know I was
> > > running a C-R system.
> >
> > A fair proportion of my spam comes from debian.org addresses;
> > spammers are becoming more adept at forging sender addresses,
> > frequently by pulling addresses from e.g. web pages and using one
> > address as the source and the others as the target, so the
> > recipients are likely to know the alleged sender.
> >
> > I predict that challenge-response systems will become increasingly
> > less useful as time goes on due to this trend.
>
> Once again you demonstrate your ignorance of, or prejudice against C-R
> systems
I do not dispute that they eliminate spam, at least with the current
generation of spamming technology. I merely claim that they are far from
invulnerable, in particular to false positives. Some people care about
this, some don't, and that's fine. However, *please* accept the
existence of the other camp!
If you wish to mischaracterize every genuine disagreement as "ignorance"
or "prejudice", then I'm afraid that I have no time to debate with
somebody with the zeal of a missionary.
> Mail from debian.org to me must COME from debian.org...
>
> Don't tell me you have never heard of Received: headers? (etc.)
So, my mails (not mails through this list, but direct mails) are sent
through debian.org systems, are they? That's interesting. And you've
never encountered a spammer forging Received: headers? I think you're
mistaken on both counts. I've read your script and I don't see how it
could defend against forged Received: headers, even in principle.
Frankly, your bare hostility and responses of abuse to any criticism of
your baby is not an approach likely to convince people ...
Cheers,
--
Colin Watson [cjwatson@flatline.org.uk]
Reply to: