Re: Misguided energy (was Re: Do we need a new SMTP protocol? (OT))
Sorry bubbie, send me a challenge and you go into the evil list, which tends to be a permanent /dev/null redirect. This is iron clad on a mailing list. Direct I may or may not consign. C/R is plain evil as I have encountered it in the past. On mailing lists it's beyond evil as it generates challenges from every message sent to the list as the list server never responds to the challenges. I'm rather inflexible on Challenge/(lack of) Response because of my experience on the wrong end of it. {','} C/R sucks dead bunnies through garden hoses. - Original Message - From: "RW" Sent: Saturday, 2010/December/04 08:08 On Sat, 04 Dec 2010 12:44:37 +0100 Bernd Petrovitsch wrote: C/R is only means to make it move your own effort over to others. The really "interesting" case is if both sides choose to require C/R to get the first mail delivered. Which should be a clear sign to everyone that C/R is basically a bad idea. That's only a problem in very naive C/R systems. It can be solved by using a time-limited disposable address in the envelope "mail from". The recipient's challenge goes to the disposable address which bypasses the senders own C/R system. Some mailservers already do this because it eliminates almost all backscatter while allowing remotely generated legitimate DSNs to pass. Infuriating advocates of C/R pretty much have an answer for everything. If a benign dictator imposed a well thought-out scheme on everyone, it would probably work very well. At the moment though spam isn't that much of a problem, and C/R is more trouble than it's worth.
Re: Misguided energy (was Re: Do we need a new SMTP protocol? (OT))
On Sat, 4 Dec 2010 16:08:36 + RW wrote: > On Sat, 04 Dec 2010 12:44:37 +0100 > Bernd Petrovitsch wrote: > > > > C/R is only means to make it move your own effort over to others. > > > > The really "interesting" case is if both sides choose to require C/R > > to get the first mail delivered. > > Which should be a clear sign to everyone that C/R is basically a bad > > idea. > > That's only a problem in very naive C/R systems. It can be solved by > using a time-limited disposable address in the envelope "mail from". > The recipient's challenge goes to the disposable address which > bypasses the senders own C/R system. Some mailservers already do this > because it eliminates almost all backscatter while allowing remotely > generated legitimate DSNs to pass. > > Infuriating advocates of C/R pretty much have an answer for that should be "Infuriatingly" > everything. If a benign dictator imposed a well thought-out scheme on > everyone, it would probably work very well. > > At the moment though spam isn't that much of a problem, and C/R is > more trouble than it's worth.
Re: Misguided energy (was Re: Do we need a new SMTP protocol? (OT))
On Sat, 04 Dec 2010 12:44:37 +0100 Bernd Petrovitsch wrote: > C/R is only means to make it move your own effort over to others. > > The really "interesting" case is if both sides choose to require C/R > to get the first mail delivered. > Which should be a clear sign to everyone that C/R is basically a bad > idea. That's only a problem in very naive C/R systems. It can be solved by using a time-limited disposable address in the envelope "mail from". The recipient's challenge goes to the disposable address which bypasses the senders own C/R system. Some mailservers already do this because it eliminates almost all backscatter while allowing remotely generated legitimate DSNs to pass. Infuriating advocates of C/R pretty much have an answer for everything. If a benign dictator imposed a well thought-out scheme on everyone, it would probably work very well. At the moment though spam isn't that much of a problem, and C/R is more trouble than it's worth.
Re: Misguided energy (was Re: Do we need a new SMTP protocol? (OT))
On Mit, 2010-12-01 at 16:17 -0500, David F. Skoll wrote: > On Wed, 1 Dec 2010 16:02:03 -0500 > Michael Grant wrote: > > > The main problem with this approach is how does > > someone send you mail if they're not on your contact list? I don't > > have any magic answers how to solve that beyond what's already out > > there as in return messages with captchas in them or things like Blue Some people (including me) do not like to be Turing-tested. And if you Turing-test me, why shouldn't I require the same in the other direction before? Apart from the obvious misuses of captchas. > > Bottle seem to be quite effective. > > Challenge-Response systems are evil. I never reply to challenges and I > typically blacklist systems that send them. C/R is only means to make it move your own effort over to others. The really "interesting" case is if both sides choose to require C/R to get the first mail delivered. Which should be a clear sign to everyone that C/R is basically a bad idea. > There's a fundamental economic principle at play: If you make it harder > for spammers to send spam, then you make it less convenient to send email > to someone you've never written to before. There is simply no way around > that. Even worse, the professional spammers adapt faster to such new stuff than the average admin or user. [...] Bernd -- Bernd Petrovitsch Email : be...@petrovitsch.priv.at LUGA : http://www.luga.at
Misguided energy (was Re: Do we need a new SMTP protocol? (OT))
On Wed, 1 Dec 2010 16:02:03 -0500 Michael Grant wrote: > The main problem with this approach is how does > someone send you mail if they're not on your contact list? I don't > have any magic answers how to solve that beyond what's already out > there as in return messages with captchas in them or things like Blue > Bottle seem to be quite effective. Challenge-Response systems are evil. I never reply to challenges and I typically blacklist systems that send them. There's a fundamental economic principle at play: If you make it harder for spammers to send spam, then you make it less convenient to send email to someone you've never written to before. There is simply no way around that. Rather than destroying email (its killer feature is *precisely* the ability to dash off a note to someone new) by making it harder to send spam, viable anti-spam solutions make it less likely that spam will be received. Yes, this is costly and annoying, but it's the price we pay for the convenience of email. Regards, David.