On Wed, 6 Aug 2003 13:06:08 +0200 Xavier Nodet <[EMAIL PROTECTED]> wrote:
> In theory... What do you think will happen if the guy on the other hand > also uses a challenge/response system, and none of you know each other? All outgoing messages are scanned and their recipients are added to whitelist. > Foo sends you a message. And my address appears in his whitelist. > You reply with a challenge. Right up to this point. > Foo's system sees > this mail, and also replies with a challenge, No, my challenge passes through, because I reply from whitelisted address. > And if you let directly in messages with a special header that says > 'this is a challenge', spammers *will* send you messages with such > headers... There is a password that is different for every address. It is possible to make challenge harder than this, but I have never received reply from spammer. Most, if not all, autoreplies generate mailer daemon errors that are filtered into special mailbox. > And what about the possibility for me to mail-bomb someone using a bunch > of such auto-responders: I forge an email that looks like coming from > Victim, and send it to a bunch of challenge protected addresses... I archive autoreplied mail along with all MTA headers with IP addresses and timestamps... The victim can mail me (after confirming my autoreply) and I'll give him all information he needs. > > People do confirm autoresponses and I am willing to reply to messages > sent > > by other people's autoresponders. > > Why would you see them? See above. ------------------------------------------------------- This SF.Net email sponsored by: Free pre-built ASP.NET sites including Data Reports, E-commerce, Portals, and Forums are available now. Download today and enter to win an XBOX or Visual Studio .NET. http://aspnet.click-url.com/go/psa00100003ave/direct;at.aspnet_072303_01/01 _______________________________________________ Mahogany-Developers mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/mahogany-developers
