on Sat, Jul 10, 2004 at 10:00:47PM +0200, David Fokkema (dfokkema@ileos.nl) wrote:
> On Thu, Jul 08, 2004 at 04:46:24AM -0700, Karsten M. Self wrote:
> > on Fri, Jun 25, 2004 at 12:37:45PM -0600, Monique Y. Mudama (spam@bounceswoosh.org) wrote:
> > > On 2004-06-25, Paul Johnson penned:
> > > > --=-=-=
> > > >
> > > > "Monique Y. Mudama" <spam@bounceswoosh.org> writes:
> > > >
> > > >> You can use procmail, tmda, or any other filtering app for this.
> > > >> Here's what I have in my tmda configuration:
> > > >
> > > > Don't use TMDA. Challenge-response considered harmful.
> > > >
> > > > http://kmself.home.netcom.com/Rants/challenge-response.html
> > >
> > > Challenge-response isn't the only thing tmda does.
> >
> > Granted.
> >
> > It's the primary selling point of the tool, however. And much of the
> > information used to sell it is just plain wrong. This has been detailed
> > many, many times.
> >
> > Jason Mastaler accepts criticism so graciously he's banned me from any
> > mail access to his domain. Go figure. That's adult, open, honest, and
> > principled.
> >
> > But we'll let the intelligent folks here do the math for themselves:
> >
> > http://zgp.org/pipermail/linux-elitists/2003-September/007390.html
> > http://www.linux.ie/pipermail/ilug/2003-September/006931.html
> > http://zgp.org/pipermail/linux-elitists/2003-September/007393.html
> > http://mla.libertine.org/tmda-users/2003-09/msg00270.html
> >
> >
> > There's really nothing to argue about.
>
> Karsten, what I really don't get is why a person like you who likes
> doing research and pressing his points, can't be a little bit more
> objective now and then. I agree with you (took some time, granted,
> remember that thread many months ago started by that non-person?) that
> C-R isn't a good solution to spam, but, if you look at it objectively,
> there are some points stated in your C-R rant that don't apply to tmda.
> You should grant them that, I think.
If you'll be specific, I'll address them.
However:
- The premise of CR _is_ flawed.
- There are problems are inherent and cannot be addressed by technical
means.
Namely, and these are global problems with C-R:
- Filtering methods don't work. They do. Many TMDA proponents claim
same (but use TMDA for C-R anyway).
- The premise that I'm responsible for mail claiming to come from me
is false.
- The premise that responses to challenges can be reliably predicted
is false. Legitimate senders will refuse to answer challenges.
Spammers can and do respond to challenges.
- The math for C-R simply doesn't scale.
- People's response to C-R is going to be colored by the method as a
whole. The challenge recipient doesn't know if they've got a
well-behaved system or not. They know they've received a challenge,
and that most of same they get are spam. This will be reflected in
behavior: people will stop responding to challenges. And a lot of
mail will be lost by users of C-R systems.
These are problems inherent in the system. There are other issues, and
my initial rant could be revised. The basic truth hasn't changed: C-R
sends unsolicited mail in bulk. It's spam.
Peace.
--
Karsten M. Self <kmself@ix.netcom.com> http://kmself.home.netcom.com/
What Part of "Gestalt" don't you understand?
Like mother, like daughter.
Attachment:
signature.asc
Description: Digital signature