On Sun, Jul 11, 2004 at 05:51:54PM -0700, Karsten M. Self wrote: > on Sat, Jul 10, 2004 at 10:00:47PM +0200, David Fokkema ([EMAIL PROTECTED]) wrote: > > On Thu, Jul 08, 2004 at 04:46:24AM -0700, Karsten M. Self wrote: > > > on Fri, Jun 25, 2004 at 12:37:45PM -0600, Monique Y. Mudama ([EMAIL PROTECTED]) > > > wrote: > > > > On 2004-06-25, Paul Johnson penned: > > > > > --=-=-= > > > > > > > > > > "Monique Y. Mudama" <[EMAIL PROTECTED]> writes: > > > > > > > > > >> You can use procmail, tmda, or any other filtering app for this. > > > > >> Here's what I have in my tmda configuration: > > > > > > > > > > Don't use TMDA. Challenge-response considered harmful. > > > > > > > > > > http://kmself.home.netcom.com/Rants/challenge-response.html > > > > > > > > Challenge-response isn't the only thing tmda does. > > > > > > Granted. > > > > > > It's the primary selling point of the tool, however. And much of the > > > information used to sell it is just plain wrong. This has been detailed > > > many, many times. > > > > > > Jason Mastaler accepts criticism so graciously he's banned me from any > > > mail access to his domain. Go figure. That's adult, open, honest, and > > > principled. > > > > > > But we'll let the intelligent folks here do the math for themselves: > > > > > > http://zgp.org/pipermail/linux-elitists/2003-September/007390.html > > > http://www.linux.ie/pipermail/ilug/2003-September/006931.html > > > http://zgp.org/pipermail/linux-elitists/2003-September/007393.html > > > http://mla.libertine.org/tmda-users/2003-09/msg00270.html > > > > > > > > > There's really nothing to argue about. > > > > Karsten, what I really don't get is why a person like you who likes > > doing research and pressing his points, can't be a little bit more > > objective now and then. I agree with you (took some time, granted, > > remember that thread many months ago started by that non-person?) that > > C-R isn't a good solution to spam, but, if you look at it objectively, > > there are some points stated in your C-R rant that don't apply to tmda. > > You should grant them that, I think. > > If you'll be specific, I'll address them.
To be specific: C-R - C-R deadlock. BUT, I see that you now have on your site: 'while some C-R systems might avoid this'. Have you changed this over the past year? I think that's fair, indeed. Still, I like your general remark: 'Unfortunately, there will be, and are, many poorly-designed C-R systems.' > However: > > - The premise of CR _is_ flawed. > > - There are problems are inherent and cannot be addressed by technical > means. > > Namely, and these are global problems with C-R: > > - Filtering methods don't work. They do. Many TMDA proponents claim > same (but use TMDA for C-R anyway). agreed. > - The premise that I'm responsible for mail claiming to come from me > is false. agreed. > - The premise that responses to challenges can be reliably predicted > is false. Legitimate senders will refuse to answer challenges. > Spammers can and do respond to challenges. not enough data available. > - The math for C-R simply doesn't scale. ? > - People's response to C-R is going to be colored by the method as a > whole. The challenge recipient doesn't know if they've got a > well-behaved system or not. They know they've received a challenge, > and that most of same they get are spam. This will be reflected in > behavior: people will stop responding to challenges. And a lot of > mail will be lost by users of C-R systems. agreed, I think. > These are problems inherent in the system. There are other issues, and > my initial rant could be revised. The basic truth hasn't changed: C-R > sends unsolicited mail in bulk. It's spam. I'm not sure if I agree about that. I think it is something like subspam. But that is a very personal view. David -- Hi! I'm a .signature virus. Copy me into your ~/.signature to help me spread! -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
