Here is something for your weekend list of things to ponder...

I heard from a potential customer (small ISP) yesterday that tried a
Challenge/Response system for 4 hours.

Here is what happened (as best as I can explain it).

He implements the Challenge/Response system.

A few of his users send emails to others whose ISPs are also using a
(presumably different) Challenge/Response system.

The remote systems receive the messages his users sent, and send out Challenge
messages. 

His server received the Challenge messages and it sent out Challenge messages
of its own back to the address on the remote server that sent the Challenge
message. No human ever sees any of the messages.

This is bad enough, but it also works in reverse, and this is how he found
out about the problem.

Users of some remote system using Challenge/Response send his users messages
and his system generates Challenge messages. The remote server receives the
Challenge messages and sends new Challenge messages back to his server. His
server sends back bounce messages because his Challenge messages were sent
from a "no-reply" account. Then his server receives Challenge messages to the
bounce messages and generates bounce messages of its own.

He notices that there are several hundred Challenge and bounce messages going
both ways repeatedly after a few hours, and he has to shut it down and kill
the reply accounts to stop the loop.

Don't know if it actually stopped any spam ;)

Brian

---
This E-mail came from the Declude.JunkMail mailing list.
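
The loop described in the message above, simulated with and without a loop guard, as an added example that is not part of the original e-mail. The host names, addresses and function names are constructed for illustration; the guard uses the RFC 3834 conventions (null envelope sender, `Auto-Submitted` header) plus the conventional `Precedence` header, and assumes both servers mark their challenges and check incoming mail.

```python
from email.message import EmailMessage

def is_auto_generated(msg, envelope_sender):
    """True if msg looks machine-generated, so no challenge should be sent."""
    if envelope_sender == "":             # null return path: bounce or auto-reply
        return True
    auto = (msg.get("Auto-Submitted") or "no").strip().lower()
    if auto != "no":                      # RFC 3834 marker set by the sender
        return True
    prec = (msg.get("Precedence") or "").strip().lower()
    return prec in ("bulk", "junk", "list")

def make_challenge(server, rcpt, mark):
    """Build a challenge from `server` to `rcpt`; returns (envelope_sender, msg)."""
    msg = EmailMessage()
    msg["From"] = f"challenge@{server}"
    msg["To"] = rcpt
    msg["Subject"] = "Please confirm your message"
    if mark:
        msg["Auto-Submitted"] = "auto-replied"
        return "", msg                    # send with a null envelope sender
    return f"challenge@{server}", msg     # unmarked: looks like ordinary mail

def simulate(guard, max_hops=200):
    """Count challenges exchanged after one human message a.example -> b.example."""
    servers = ("b.example", "a.example")  # constructed hosts, taking turns
    human = EmailMessage()
    human["From"] = "alice@a.example"
    human["To"] = "bob@b.example"
    sender, msg, sent = "alice@a.example", human, 0
    while sent < max_hops:                # cap stands in for the admin pulling the plug
        receiver = servers[sent % 2]
        if guard and is_auto_generated(msg, sender):
            break                         # never challenge a machine-generated message
        sender, msg = make_challenge(receiver, sender, mark=guard)
        sent += 1
    return sent

if __name__ == "__main__":
    print("unguarded challenges:", simulate(guard=False))
    print("guarded challenges:  ", simulate(guard=True))
```

Checking alone is not enough: an unmarked challenge sent from a real address is indistinguishable from ordinary mail, so the sending side has to mark its challenges as well.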