Karsten M. Self said: > on Mon, Sep 22, 2003 at 07:03:47PM -0600, Jacob Anawalt > ([EMAIL PROTECTED]) wrote: > >> There's a company that provides this service. First time emails to you >> get >> an auto-response "You aren't authorized to send me email, visit this web >> page to get authorized" or something like that. I Googled and can't find >> it again. Interesting idea. > > This is known as "challenge-response", and as an anti-spam / anti-virus > method, without mitigation, it's simply unacceptable. > > Swen spoofs addresses resolving to nonexistent addresses (challenge to > Verisign), Microsoft (ditto), or Morgan Stanley (ms.com). As Verisign > has elected to receive this crap, and Microsoft is responsible for the > problem, I'm not shedding tears for their admin teams. Morgan Stanley, > however, is taking a hit on about 5% of all Swen bounces, and is a > completely innocent party. When their lawyers pay you a visit for > Joe-job DDoSing them, note you've been warned. > > SoBig.F spoofed arbitrary senders. Same problem except that the load > was more broadly distributed. > > I've received far more invalid, than valid, C-R challenges. This is > simply spam by another name. > > http://kmself.home.netcom.com/Rants/challenge-response.html > > ...also discussed at some length in d-u last month. >
Since I posted this I've read the whole challenge and response (C-R) thread and updated myself on some of the content on your site including the aforementioned link. I won't be seeing Morgan Stanley lawyers about bouncing email at them because I don't bounce email. I stop it at SMTP. -- Jacob Trying out SquirrelMail -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
