On Wednesday, September 17, 2003, at 16:26, you wrote: > Robin Lynn Frank <[EMAIL PROTECTED]> writes:
>> The major objection I see being raised by opponents to challenge/response is >> that if someone spoofs their address in spam, that they may get "thousands" >> of challenge messages to mail they never sent. [snip] > I don't think this would help in the scenario you describe. The > reason someone would get "thousands" of challenges is that their > address was forged on thousands of SPAMs. For the most part, each one > of those thousands of SPAMs is going to a different person. If each > person who receives one of those SPAMs has code to do the above, each > person (1000s) will send one challenge to the forged address. That > means the forged address will still receive thousands of challenges, > even though each SPAM recipient running a C/R system like TMDA only > sent one. [snip] Probably the only way to alleviate this problem is to run something in front of TMDA that tags spam so that it doesnt respond to it. Then you have to persuade all other users to do this as well.... I run spamassassin as a 'pipe' filter in TMDA. This way I can tell tmda to do different stuff with known spam. I tend not to challenge spam identified by spamassassin as the majority of times its got false/spoofed email addresses in it - I'll just put it on hold (I can release it if I see it has been incorrectly identified later or leave it and it'll disappear from my pending queue automagically sometime in the future). To be honest, I could probably set TMDA to drop all mail tagged as spam as I rarely get real messages tagged as spam but I like the catch net the pending directory provides. This way TMDA deals with the spam not caught by spamassassin and my whitelists/blacklists/filters deal with everything else. The person whose been "joe jobbed" hopefully wont receive a confirmation from me. Marcus -- Marcus Williams -- http://www.quintic.co.uk Quintic Ltd, 39 Newnham Road, Cambridge, UK _____________________________________________ tmda-users mailing list ([EMAIL PROTECTED]) http://tmda.net/lists/listinfo/tmda-users
