On Wednesday 03 May 2006 10:58, Dave Platt wrote: > Tom Brown <[EMAIL PROTECTED]> wrote: > > Hi, > > > > One of our users sent an email to a person at another network. Our user > > received the message below. It is asking our user to validate that they > > are a real person. Once validated, they do not have to do it again. This > > is a nice feature because it has the potential to eliminate spam. Does > > courier have plans to implement something like this in a future release? > > This is known as a "challenge-response" system. > > They are extremely controversial. The reason is that they can cause > more problems (for legitimate mail senders, and for innocent third > parties) than they solve (for the recipient of the mail). > > They do help defend people against unwanted mail. I don't think that > there's any question about that. > > They have several serious negative consequences, though: > > - They cause "backscatter". A large percentage of spam is sent, > these days, using forged email addresses - often legitimate ones. > If a challenge/response filter receives a piece of spam of this > sort, it will send the challenge to the person whose address > was forged onto the spam - not to the spammer. In effect, > the cost of dealing with the spam is transferred from the > spam's intended recipient, to the person whose address was > forged - the cost does not magically go away. > > - If someone voluntarily subscribes to an email distribution list, > it's possible for *every* person who sends mail to that list to > start getting challenge/response requests from the subscriber's > filter. It's really annoying to be challenged for "permission to > send this person email" by someone who you've never dealt with > directly. > > - In other cases, the scenario above can result in the list > manager being bombarded by the challenges. I don't know about > you, but if somebody voluntarily signed up for a list I ran and > then started sending back challenges, I'd take 'em right off of > the list and blacklist them from it forever. > > - If both the sender and the recipient happen to use challenge/ > response filters, it's possible for the recipient's initial > challenge to be blocked by the sender's challenge! If this > happens, the mail never gets through, and neither party ever > receives notification that the blockage has occurred. > > A lot of people feel that the use of a challenge/response system > is an inherently selfish act by the person using it. It doesn't > make the spamming problem go away - it just hides it from the > person using the challenge system, and transfers the hassle to > other people. > > Given how hard Sam has tried to ensure that Courier doesn't become > the cause of "backscatter" to innocent parties, I'd be > utterly surprised if he ever implemented a challenge/response > system as part of Courier or Maildrop. > > I have no doubt that you could use Courier, Maildrop, and/or > Procmail to feed incoming mail into a third-party-written > challenge/response filter of some sort. I advise against doing > so for the reasons I've given above.
Thank you for your reply. This is very good information. Now, if I am approached to implement a challenge-response system, I have very good reasons why this is a Bad Thing. Thanks, Tom ------------------------------------------------------- Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642 _______________________________________________ courier-users mailing list [email protected] Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
