Hello all,

If any of you are using a Challenge Response system on your e-mail, please make sure that it does not issue challenges to any e-mail from any mailing lists that you are subscribed to.

This can block important messages from the mailing list management software, as it has no way to respond to such challenges.

Also many people refuse to answer such challenges, and this can result in you missing important information. This behavior comes from those users or their system administrators being mail bombed by challenge response systems as a result of a virus outbreak or a spam run.

The stuff comes in faster than they can delete it, and places their mailbox over quota, resulting in real e-mail being lost.

The most public case of this is the TEST.COM domain, which is a real domain by a commercial company of test equipment that is commonly spoofed in spam.

In general, the Challenge-Response system has proved to be a very bad solution to spam and virus control.

Most spam and viruses are sent with forged addresses. When a new virus breaks out, a challenge response system will end up doing a denial of service attack against the innocent victims that have had their address spoofed.


This SAMBA-VMS list and the other SAMBA mailing lists have been hit badly by such autoresponders in the past, and the only defense has been for the mail server operators to block such abusive hosts, as found, because historically they ignore all requests to stop auto-responding to the viruses. And in many cases at least one of the RFC required contact addresses of Abuse and Postmaster are not working.



Many mail servers are now blocking all e-mail from any mail server that is using a challenge response system because they have been hit with mail bombs from them.


Also if the challenge-response system mail-bombs a spamtrap, it can result in that mail server being listed in several spam blocking systems.

This typically happens every time a new worm comes out.


Also many users whose e-mail addresses are victimized by spam or viruses spoofing them are acknowledging the challenges to let the spam through.



If a mail message is not deliverable, the only non-abusive way to notify the real sender is for the receiving mail server to reject the message with an SMTP error code and a small text tag. This is the only way that will cause a non-delivery message to be reliably sent to a real person.


Any other method is either abusive to the rest of the internet or is causing real e-mail to be silently deleted without the sender or the receiver being notified in a timely fashion.


Using a Challenge-Response system in practice is an unreliable system and can result in both legitimate incoming e-mail being lost, and in other systems refusing your outgoing e-mail because it is abusive in auto-responding to forged addresses in spam and viruses.



There are many anti-spam techniques that will reliably block almost 100% of the incoming spam without rejecting real e-mail. The most reliable use DNS based blocking lists to reject over 80% of the spam, and for the remaining percentage check the I.P. addresses of the URLs in the e-mail against the same DNS based blocking lists. Steve Linford, an internationally recognized expert on spam (spamhaus.org), is reporting that a commercial ISP (UXN.COM) is achieving well over 99% spam rejection with zero false positives.



And also, auto-responders like out-of-office or vacation messages to external or unknown e-mail addresses are the on-line equivalent to letting the mail and papers pile up in front of your house while you are on vacation. Convicted criminals use these auto-responders to e-mail and voice mail messages to steal from companies.


They have successfully gotten top-secret prototypes shipped to post office drop boxes, and fake bills approved in past cases.


So make sure that Challenge response is off for any mailing list you are subscribed to, and better yet, turn it off. The rest of the internet will thank you.



-John [EMAIL PROTECTED]
Personal Opinion Only
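The two techniques the message recommends, a DNS based blocking list lookup and a rejection issued inside the SMTP session instead of a later challenge or bounce, are sketched below as an added example that is not part of the original post. The zone `dnsbl.example`, the sample resolver data and the treatment of `127.255.255.0/24` answers as list-operator error codes are assumptions made for illustration.

```python
import ipaddress
import socket

ZONE = "dnsbl.example"  # placeholder zone, not a real blocking list
LISTED_NET = ipaddress.ip_network("127.0.0.0/8")      # answers that mean "listed"
ERROR_NET = ipaddress.ip_network("127.255.255.0/24")  # assumed: operator error codes


def dnsbl_name(client_ip, zone=ZONE):
    """Build the DNSBL query name: reversed IPv4 octets followed by the zone."""
    ip = ipaddress.ip_address(client_ip)
    if ip.version != 4:
        raise ValueError("this sketch handles IPv4 clients only")
    return ".".join(reversed(str(ip).split("."))) + "." + zone


def system_resolver(name):
    """Return the A records for name, or an empty list (NXDOMAIN = not listed)."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []


def is_listed(client_ip, resolver=system_resolver, zone=ZONE):
    """True only for a genuine listing; error answers must not reject mail."""
    for answer in resolver(dnsbl_name(client_ip, zone)):
        addr = ipaddress.ip_address(answer)
        if addr in ERROR_NET:
            continue  # query refused or malformed: fail open, do not block
        if addr in LISTED_NET:
            return True
    return False


def smtp_decision(client_ip, resolver=system_resolver):
    """Decide while the connection is open, so no mail is ever generated to
    the (possibly forged) envelope sender. On a 5xx reply the connecting
    server keeps responsibility for telling its own user."""
    if is_listed(client_ip, resolver):
        return 550, f"5.7.1 Rejected: {client_ip} is listed in {ZONE}"
    return 250, "2.0.0 OK"


# Constructed sample data (documentation addresses) so the sketch runs offline.
SAMPLE_ZONE = {
    "2.2.0.192.dnsbl.example": ["127.0.0.2"],        # listed
    "9.2.0.192.dnsbl.example": ["127.255.255.254"],  # error code, not a listing
}


def sample_resolver(name):
    return SAMPLE_ZONE.get(name, [])
```

In a real mail server this decision runs at connect or RCPT time inside the SMTP daemon, which is what keeps the notification path with the sending server rather than with an auto-responder.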