Re: [Declude.JunkMail] Challenge/Response with Declude

[Matt]

Todd, Two things. 1) AutoWhite != AUTOWHITELIST ON 2) You don't want to have an auto-responder that handles messages that might come from forged addresses. I think the bottom line here is that although you don't mean to do this, C/R would create a problem for other administrators that are getting Joe-Jobbed by spammers.  The proper method is to fine-tune your system, and if you aren't comfortable with the false positives that occur, you need to raise your fail weight and let your users deal with the issue rather than another administrator potentially.  Although my system is not perfect, personal E-mail, the only thing that C/R works for, rarely FP's. FYI, Joe-Jobs have killed the nobody alias on my server, and a scan of my logs the other day showed that one domain is still getting Joe-Jobbed 3 weeks later by one of these criminals that's dictionary attacking/spamming AOL.  There is almost always a Joe-Job happening on one of the 60 domains that I host, and sometimes they use real addresses, and when that happens, it can result in as many as 100 bounce messages a day to one account.  I also noted last weekend that in one 24 hour period, about 6 of my customer's domains were being dictionary attacked, and in a distributed manner (Korean/Chineese servers mostly). I'm sure that they were using someone else's domains to do it as well. C/R = BOUNCE BOUNCE = BAD :( I wish this wasn't true. Matt Todd Holt wrote: Is it true that AutoWhite only works on WebMail? Could someone elaborate on the AutoWhite functionality, because I must have missed something to think would cover these C/R issues. I do like the idea of C/R only for grey area messages. This would virtually eliminate the complaints of challenging the obvious good or obvious bad messages, then reducing the number of challenge messages to something less than 5% of the messages. Todd Holt Xidix Technologies, Inc Las Vegas, NV USA www.xidix.com 702.319.4349 -----Original Message----- From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- [EMAIL PROTECTED]] On Behalf Of John Tolmachoff (Lists) Sent: Wednesday, January 28, 2004 12:20 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Challenge/Response with Declude That is what AutoWhite for Declude does. However, that does not lesson any of the problems with C/R software. John Tolmachoff Engineer/Consultant/Owner eServices For You -----Original Message----- From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- [EMAIL PROTECTED]] On Behalf Of Greg Foulks Sent: Wednesday, January 28, 2004 12:05 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] Challenge/Response with Declude I guess what I'm trying to say is that I like the concept.... I also agree with all of con's that have presented. It would be nice if there was someway we could automate the whitelist. What about this spin? What if Declude took the email address that the internal user was sending to and put it in the whitelist? If it's a good address going out then it must be good coming in, right? Greg Andy Schmidt wrote: Hi, I think the consensus is it is not acceptable << Then let mine be the only opposing voice. I think because of Declude's weight features, Challenge/Response would be a very valuable and very usable option. Any messages with LOW weight pass. This addresses your concern of "breaking e-commerce". If they want to make money, they better have their mail server set up appropriately. Any messages with HIGH weight, get held or deleted. I have yet to hear a complaint. In the middle are a small percentage of medium weights that do fail a spam test or two - but are possibly legitimate. Those few messages currently get a bounce message so that a false positive "victim" has a chance to "intervene". I have gotten zero complaints from people saying "hey, you spammed me with your bounce message", but every so often I do get a thank you from a "false positive" victim who, due to my bounce message, is able to address THEIR problem. It is those bounce messages, which in the future could come with a "challenge/response" URL, containing the URL with the queue-ID as a parameter to a web application that will release their message. It's a shame that we currently are forced to "manually" manage the false positives when Declude could automate that process! (Hm - now that I'm saying this - I should just write a little web application that copies the held D and Q file back to the spool and include the parameterized URL in my bounce messages... If I only had the time...) Best Regards Andy Schmidt H&M Systems Software, Inc. 600 East Crescent Avenue, Suite 203 Upper Saddle River, NJ 07458-1846 Phone: +1 201 934-3414 x20 (Business) Fax: +1 201 934-9206 http://www.HM-Software.com/ --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. . --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- [This E-mail scanned for viruses by Declude Virus (http://www.declude.com)] --- [This E-mail scanned for viruses by Declude Virus (http://www.declude.com)] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. -- ===================================================== MailPure custom filters for Declude JunkMail Pro. http://www.mailpure.com/software/ =====================================================