On Fri, 18 Dec 2009, Glenn Stone wrote:

> On Fri, Dec 18, 2009 at 06:22:37AM -0500, John Aldrich wrote:
> >On Friday 18 December 2009, Derek Simkowiak wrote:
> >> I've been tempted to use TMDA:
> >>
> >> http://tmda.net/
> >>
> >> With TMDA, new email senders get a "Are you really a human?"
> >>

As someone that has done this for a living, let me just point out that if you use Challenge/Response systems, you will get block listed by some recipients based on RBLs listing you for 'originating' spam. The reasons for this are:

-- Your C/R system might return the original message to the sender. When RBLs test SMTP at your site, if they get a response to the test mail they sent, they will list you as a potential origin of joe-job spam.

-- Your C/R system might also enable joe jobs. When someone sends a message to it, and they bcc thousands of targets, do you have any idea whether those thousands of targets get the message reflected? If the answer's not a confirmed tested 'no' then you are probably vulnerable to being a joe jobber. And rightly will get listed as such.

-- Your C/R system cannot tell the difference between RBL probes and legitimate mail. How many times do C/Rs get reported for doing their job? More than a few.

-- Your C/R explains exactly to the spammers what they need to do in order to get mail accepted at your domain.

C/R is a great idea for people that want to take petty revenge, but they do nothing to actually stop spam, and in some demonstrable ways they backfire, cause others to have to work, and will get you listed.

Trust me, the majority of the email industry sees C/R as 1) 10 years outdated, 2) bush league, and 3) block on sight of first trouble.

That's my .02. I handled abuse complaints full time 2004-2007, C/R idiots were a constant issue. They think they're being so smart with their nice C/R, all they're doing is telling the spammers how to break into their systems, and getting themselves RBL listed in the process. The standard industry response to C/R now I see is "block the minute they see any trouble from it."

But ymmv, one thing I've learned in six years of working with local administrators is they are among the most intractable group I've run across. By all means your C/R works, not like those other ones, and whoever listed you is wrong.

+-------------------------
+ Dave Dennis
+ Seattle, WA
+ Speakeasy, Inc.
+ [email protected]
+ http://www.speakeasy.net
+-------------------------
