[Declude.JunkMail] OT - Challenge/Response Systems

2003-06-14 Thread brian

Here is something for your weekend list of things to ponder...

I heard from a potential customer (small ISP) yesterday that tried a
Challenge/Response system for 4 hours.

Here is what happened (as best as I can explain it).

He implements the Challenge/Response system.

A few of his users send emails to others whose ISPs are also using a
(presumably different) Challenge/Response system.

The remote systems receive the messages his users sent, and send out Challenge
messages. 

His server received the Challenge messages and it sent out Challenge messages
of its own back to the address on the remote server that sent the Challenge
message. No human ever sees any of the messages.

This is bad enough, but it also works in reverse, and this is how he found
out about the problem.

Users of some remote system using Challenge/Response send his users messages
and his system generates Challenge messages. The remote server receives the
Challenge messages and sends new Challenge messages back to his server. His
server sends back bounce messages because his Challenge messages were sent
from a no-reply account. Then his server receives Challenge messages to the
bounce messages and generates bounce messages of its own.

He notices that there are several hundred Challenge and bounce messages going
both ways repeatedly after a few hours, and he has to shut it down and kill
the reply accounts to stop the loop.

Don't know if it actually stopped any spam ;)

Brian

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.
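
The loop described in the message above, reduced to its first case (two Challenge/Response servers challenging each other's challenges), as an added example that is not part of the original thread. The domain names and function names are made up for illustration; the guard follows the RFC 3834 convention that automatic replies carry an Auto-Submitted header and a null envelope sender, and are never answered automatically.

```python
from collections import deque
from email.message import EmailMessage

def is_automatic(msg, envelope_from):
    """True when a message is machine-generated and must not be challenged."""
    if envelope_from in ("", "<>"):            # null return-path: bounce or auto-reply
        return True
    if msg.get("Auto-Submitted", "no").strip().lower() != "no":
        return True
    return msg.get("Precedence", "").strip().lower() in ("bulk", "junk", "list")

def make_challenge(domain, to_addr, mark_auto):
    """Build a challenge; a loop-safe server marks it and uses a null sender."""
    msg = EmailMessage()
    msg["From"] = f"challenge@{domain}"
    msg["To"] = to_addr
    msg["Subject"] = "Please confirm your message"
    if mark_auto:
        msg["Auto-Submitted"] = "auto-replied"
    return msg, ("<>" if mark_auto else f"challenge@{domain}")

def simulate(loop_safe, max_messages=200):
    """Count challenges generated by one user mail between two C/R domains."""
    first = EmailMessage()                     # constructed sample message
    first["From"] = "alice@isp-a.example"
    first["To"] = "bob@isp-b.example"
    queue = deque([(first, "alice@isp-a.example", "isp-b.example")])
    challenges = 0
    while queue and challenges < max_messages:
        msg, env_from, receiving_domain = queue.popleft()
        if loop_safe and is_automatic(msg, env_from):
            continue                           # deliver or drop, never challenge
        reply, reply_env = make_challenge(receiving_domain, env_from, loop_safe)
        challenges += 1
        sender_domain = env_from.rsplit("@", 1)[1]
        queue.append((reply, reply_env, sender_domain))
    return challenges

if __name__ == "__main__":
    print("naive servers:    ", simulate(loop_safe=False), "challenges (capped)")
    print("loop-safe servers:", simulate(loop_safe=True), "challenge")
```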


RE: [Declude.JunkMail] OT - Challenge/Response Systems

2003-06-14 Thread John Tolmachoff (Lists)

> Users of some remote system using Challenge/Response send his users messages
> and his system generates Challenge messages. The remote server receives the
> Challenge messages and sends new Challenge messages back to his server. His
> server sends back bounce messages because his Challenge messages were sent
> from a no-reply account. Then his server receives Challenge messages to the
> bounce messages and generates bounce messages of its own.
>
> He notices that there are several hundred Challenge and bounce messages going
> both ways repeatedly after a few hours, and he has to shut it down and kill
> the reply accounts to stop the loop.

HAHAHAHAHAHAHOHOHOHOHOHOHOHO LOL

ROFLOL

Sorry, but it serves them right. This whole Challenge/Response system all
automated is not well enough thought out. It's like taking the lazy man's way
of doing things.

John Tolmachoff MCSE CSSA
Engineer/Consultant
eServices For You
www.eservicesforyou.com
