On Mon, 2005-05-30 at 16:34 +1200, Chris Bannister wrote: <snip> > There has been heated debate on comp.mail.misc about C/R systems. > > There is a "Fighting email spam and anti-UBE pointers" posting which is > posted to comp.mail.misc, comp.answers, news.answers 2 times a month. > > Excerpt: > > "Challenge-Response system is based on false assumption that sender's > address can be used for authentication. It cannot and thus any C-R > system will contribute nothing else by amplifying the spam problem."
And the hidden (and unproven) assumption in this statement is that spammers use real email addresses that have been validated. I have seen worms do this. I have never seen spammers do this. If this (challenge-response) were to become a common system, spammers might start using real email addresses. But since it isn't, they don't. Further, there are technical means that are starting to be used to combat the problem of faked return domains for similar reasons. Since I strongly disagree with the premise, I do not accept the conclusion. In my opinion, C/R is a viable method of combating spam -- but not the only one, nor should it be used alone. -Ian -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
