Top 10 reasons why challenge/response (C/R) is bad:
[1] You end up being a spammer (the majority of spam sent to you will result in
confirmation requests being sent to innocent victims)
[2] Spammers now send pretend confirmation requests, presumably to make people
less likely to respond to C/R requests
[3] Many people respond to C/R requests that they never initiated (sometimes
intentionally, sometimes not). Some people who are fed up with bogus C/R
requests respond to all of 'em, knowing that the spam will start getting
through to people hiding behind C/R.
[4] C/R companies have been known to send out spam and harvest addresses of
people sending to their customers, and apparently sell those addresses to
spammers
[5] The C/R system is patented, so most anti-spam programs using C/R have legal
liabilities waiting to be ironed out. The C/R program you buy today may go
under tomorrow.
[6] Confirmations sent to mailing lists won't work
[7] Confirmations sent to others using C/R won't work. If everybody had C/R,
nobody could send E-mail to anybody!
[8] People who offer a free service end up losing money (by spending time
investigating and responding to C/R systems, dealing with spam received as a
result, etc.) and sometimes get fed up with C/R systems and eventually stop
offering free advice (never knowing how many people won't get their E-mails),
harming everybody.
[9] Legitimate E-mail from automated services won't be seen (such as when
ordering products online)
[10] Due to #1-#9, most C/R challenges are treated as spam -- if the challenge
never gets through, the response will never get through.
David
On 11/3/2014 7:06 PM, John Tolmachoff wrote:
No, sorry Challenge/Response is just bad. Period.
I can still remember the lengthy heated discussions back in the day with Len
and Sandy and Scott and others.
-----Original Message-----
From: "Michael Cummins" <mich...@wddx.net>
Sent: Thursday, October 30, 2014 12:55pm
To: community@mailsbestfriend.com
Subject: [MBF] Re: Thoughts on how to deal with the current SPAM campaigns
I have some clients that would enjoy a challenge/response sort of sender
verification, if we're imagining new features. :)
- Michael Cummins
From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com]
On Behalf Of Linda Pagillo
Sent: Thursday, October 30, 2014 3:18 PM
To: community@mailsbestfriend.com
Subject: [MBF] Re: Thoughts on how to deal with the current SPAM campaigns
Hello everyone. I wanted to chime in here. We (MBF) actually have a utility
for implementing exactly what Scott is proposing if anyone is interested in
trying it. We call it The Gauntlet. Also, the following link has some
additional information about how a program such as this works:
http://www.lifeatwarp9.com/2012/06/gauntlet-a-solution-to-pre-tested-spam/.
Please let me know if you have any questions about it.
Linda Pagillo
Mail's Best Friend
Email: linda.pagi...@mailsbestfriend.com
Web: www.mailsbestfriend.com
Office: 703.988.3605 x7016
From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com]
On Behalf Of Scott Fosseen - Prairie Lakes AEA
Sent: Thursday, October 30, 2014 1:11 PM
To: community@mailsbestfriend.com
Subject: [MBF] Thoughts on how to deal with the current SPAM campaigns
Here is a thought I have that may be effective on these zero-day SPAM
campaigns. It does have a big drawback, but the users may be OK with it if
it stops the SPAM.
Here is my idea. I am going to say this is from my standpoint of using
SmarterMail.
The basic idea is to process each message through Declude twice. Any
message that Declude did not whitelist or delete would be sent to a hold
queue folder and after a set amount of time Declude would rescan the
message.
The first time through Declude the message would process and drop out of
Declude only if whitelisted or deleted. The message would also be counted
by reputation tests such as Barracuda. Once the message is processed it
would be put in a hold queue where it would sit for a set amount of time
(say 30 min). The delay would give a chance for tests to identify SPAM
campaigns. After the queue delay has passed Declude will process the
message again and take the normal action on the message when complete.
Thoughts?
#############################################################
This message is sent to you because you are subscribed to
the mailing list <community@mailsbestfriend.com>.
To unsubscribe, E-mail to: <community-...@mailsbestfriend.com>
To switch to the DIGEST mode, E-mail to <community-dig...@mailsbestfriend.com>
To switch to the INDEX mode, E-mail to <community-in...@mailsbestfriend.com>
Send administrative queries to <community-requ...@mailsbestfriend.com>
--
David Barker
Mail’s Best Friend
Email : david.bar...@mailsbestfriend.com
Web : www.mailsbestfriend.com
Office : 866.919.2075
Mobile : 978.518.6461
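
Added example, not part of the thread and not Declude or Gauntlet code: a small simulation of the two-pass hold queue Scott Fosseen describes above, comparing a 30-minute hold with no hold. The message fingerprints, the sighting counter and the threshold of 3 are assumptions standing in for whatever the reputation tests actually measure.

```python
from dataclasses import dataclass

@dataclass
class Message:
    msg_id: str
    sender: str
    fingerprint: str  # assumed stand-in for what a reputation test keys on
    received_at: int  # seconds since the start of the simulation

def first_pass(msg, whitelist, known_bad, sightings):
    """First scan: count the message; only whitelist and delete are final."""
    sightings[msg.fingerprint] = sightings.get(msg.fingerprint, 0) + 1
    if msg.sender in whitelist:
        return "deliver"
    if msg.fingerprint in known_bad:
        return "delete"
    return "hold"

def second_pass(msg, known_bad, sightings, threshold):
    """Rescan after the hold; "delete" stands for the normal spam action."""
    seen = sightings.get(msg.fingerprint, 0)
    return "delete" if msg.fingerprint in known_bad or seen >= threshold else "deliver"

def run(messages, whitelist, known_bad, hold_seconds=30 * 60, threshold=3):
    """Return {msg_id: verdict} after both passes."""
    sightings, held, verdicts = {}, [], {}
    def release(now):
        # Rescan every held message whose delay has expired.
        while held and held[0].received_at + hold_seconds <= now:
            msg = held.pop(0)
            verdicts[msg.msg_id] = second_pass(msg, known_bad, sightings, threshold)
    for msg in sorted(messages, key=lambda m: m.received_at):
        release(msg.received_at)
        action = first_pass(msg, whitelist, known_bad, sightings)
        if action == "hold":
            held.append(msg)
        else:
            verdicts[msg.msg_id] = action
    release(float("inf"))  # drain the queue at the end of the run
    return verdicts

# Constructed sample: one whitelisted sender, a three-message campaign, one stray.
WHITELIST = {"friend@example.org"}
SAMPLE = [Message(*row) for row in [
    ("m1", "friend@example.org", "fp-newsletter", 0),
    ("m2", "a@bulk.example", "fp-campaign", 10),
    ("m3", "b@bulk.example", "fp-campaign", 300),
    ("m4", "c@bulk.example", "fp-campaign", 900),
    ("m5", "stranger@example.net", "fp-one-off", 1000)]]
```

With `hold_seconds=0` the first two campaign messages are delivered before the sighting count reaches the threshold; with the 30-minute hold all three are caught on the rescan, at the cost of delaying the legitimate stray message as well.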