>> That sounds like a very badly designed system. While I do not like C/R >> systems so would never implement one, surely it is only common sense to >> expect responses to emails which are sent out and therefore to accept >> such responses without issuing a challenge. > > I agree. But the proposed design didn't mention whitelisting the > recipients of your own outbound traffic. And there are C/R systems that > are deficient in this area.
Let me be more clear: I'm not proposing this system, merely describing one I encountered. My presumption is that the system whitelisted recipients of outbound traffic and only applied this fakereject to messages that hit some sort of spam threshold, but I don't know for sure. (And I REALLY wish I remembered where I encountered this system!) > If you return a 5xx error, what is to prevent the spammer from clicking > to release? CAPTCHA? Yes, it used a CAPTCHA. And if we can design a system where sending spam requires more effort from the spammer (reading the error message, browsing to the site, reading the CAPTCHA, typing it in, and then clicking "Release" for each message) than clicking "delete" requires from the recipient, we just won the spam war anyway. -- Dave Pooser Cat-Herder-in-Chief, Pooserville.com "...Life is not a journey to the grave with the intention of arriving safely in one pretty and well-preserved piece, but to slide across the finish line broadside, thoroughly used up, worn out, leaking oil, and shouting GERONIMO!!!" -- Bill McKenna
