Robin Lynn Frank <[EMAIL PROTECTED]> writes: > The major objection I see being raised by opponents to challenge/response is > that if someone spoofs their address in spam, that they may get "thousands" > of challenge messages to mail they never sent. > > Is it possible to do the following: > > Message received from [EMAIL PROTECTED] > | > TMDA sends confirmation request > | > 2nd, etc., message received from [EMAIL PROTECTED] > | > TMDA puts it(them) in the pending queue ... no confirmation request > | > Confirmation is received from [EMAIL PROTECTED] > | > TMDA releases all mail from [EMAIL PROTECTED] > > If it is impossible (or really dumb), let me know.
I don't think this would help in the scenario you describe. The reason someone would get "thousands" of challenges is that their address was forged on thousands of SPAMs. For the most part, each one of those thousands of SPAMs is going to a different person. If each person who receives one of those SPAMs has code to do the above, each person (1000s) will send one challenge to the forged address. That means the forged address will still receive thousands of challenges, even though each SPAM recipient running a C/R system like TMDA only sent one. Tim _____________________________________________ tmda-users mailing list ([EMAIL PROTECTED]) http://tmda.net/lists/listinfo/tmda-users
