On Fri, 23 May 2008, Andrew Lentvorski wrote:
> There are lots of reasons why systems like Active SPAM Killer (http://a-s-k.sourceforge.net/) are a bad idea, but here are the big two and one you can disregard:

I think you can disregard all 3 reasons however under restrictions, because it can work for me, doesn't mean it'll work for everyone in the world, consider winhozed it works for some.


> 1) If you have sender and receiver behind this kind of system, no mail will ever get through (both sides wind up waiting for the response to the authentication email). This is the most compelling argument. Of course, some of us consider this to be a bonus.

that's not how a good one works, I send an email to you, your email is stuck in my approve this guy for a while list, your authenticate me email won't be missed.

> 2) This is a variant of the "backscatter spam" problem. The problem occurs when you get forged return addresses. Since you can't count on the return address, these systems can be used to DDoS an intermediate party. This is the same reason why sanely configured mail systems no longer send "Unable to deliver" messages in return.

a good setup should do some minor stuff to verify the email seems reasonable, and does not send a zillion authenticate emails out, restrictions are placed on the domain and account level, and a new one to any domain should not be sent out while a number are pending. a poorly setup system is not a reason to ignore the system, remember Linux wasn't a great OS once upon a time...

> 3) I, personally, will blackhole any challenge/response mail domain the moment I find out about it as it is a disaster waiting to happen. Of course, I normally don't have to anymore as the challenge email is almost universally caught by spam filters nowadays and thrown out. Spammers were way ahead of the curve in making their spam look like a challenge email in order to get through filters so most filters now dump them into the trash.

then while I will see your email, and the "catchall" account at "business A" will see your email the accountant at "business A" won't. I'm sure you will be missed :D but again you would have to be sending an email to "her" without her knowing and you would have to not authenticate yourself. and because it's a good setup unless it has something horribly bad in it the catchall address will get your email, in which a lesser paid receptionist can either add you or pass it along to her and because she can add you to the accepted list you might not ever know she has email filtering on.

Richard Reynolds
[EMAIL PROTECTED]


--
KPLUG-List@kernel-panic.org
http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-list
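
The gating rules described in the reply above (temporary approval of addresses you have written to, a basic sanity check, and a limit on pending challenges per domain and per address), as an added example that is not part of the original post and is not Active SPAM Killer's code. The class name, the cap of 3, the 7-day approval window and the `looks_reasonable` flag (the result of whatever sanity checks the site runs) are assumptions.

```python
import time
from collections import defaultdict


class ChallengeGate:
    """Decide what a challenge/response filter does with one inbound message."""

    def __init__(self, per_domain=3, grace=7 * 86400):
        self.per_domain = per_domain      # assumed cap on open challenges per sender domain
        self.grace = grace                # assumed lifetime (seconds) of a temporary approval
        self.approved = set()             # senders on the accepted list
        self.temp = {}                    # address -> expiry time of temporary approval
        self.pending = defaultdict(set)   # sender domain -> addresses with an open challenge

    @staticmethod
    def _domain(addr):
        return addr.rsplit("@", 1)[-1]

    def note_outbound(self, rcpt, now=None):
        """We wrote to rcpt, so their reply or their own challenge must not be held."""
        now = time.time() if now is None else now
        self.temp[rcpt.lower()] = now + self.grace

    def confirm(self, sender):
        """Sender answered the challenge, or someone added them by hand."""
        sender = sender.lower()
        self.pending[self._domain(sender)].discard(sender)
        self.approved.add(sender)

    def inbound(self, sender, looks_reasonable, now=None):
        """Return 'deliver', 'challenge', or 'hold' (queue it, send nothing)."""
        now = time.time() if now is None else now
        sender = sender.lower()
        if sender in self.approved or self.temp.get(sender, 0) > now:
            return "deliver"
        open_for_domain = self.pending[self._domain(sender)]
        if (not looks_reasonable               # failed the basic sanity checks
                or sender in open_for_domain   # this address already has a challenge out
                or len(open_for_domain) >= self.per_domain):  # domain is at its cap
            return "hold"                      # no mail leaves for this message
        open_for_domain.add(sender)
        return "challenge"
```

With these rules a burst of mail carrying forged return addresses at one domain produces at most `per_domain` challenges until one of them is answered.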
