[Baypiggies] Challenge/Response email systems

Ken Seehart ken at seehart.com
Fri Jun 16 17:58:07 CEST 2006 

My understanding is that there are a couple kinds of CR systems.  One 
kind is blind, and sends a
challenge to anyone not on a whitelist (call this Blind CR), and another 
kind that only sends a challenge
when the email is:

   1. Not on whitelist.
   2. Has a moderately high spam score.
   3. Doesn't have a super high spam score (just dump these in the spam
      bucket).

Obviously, the most common objections apply to blind CR systems.  A 
/smart/ CR system would
only generate a relatively small percentage increase to email traffic in 
exchange for putting spammers
out of business (a reasonable exchange I think).  In general I would 
receive a challenge only when
it is likely that the person receiving my mail would have discarded it 
if they had not installed a CR
system.

Anyway, this discussion has left me "undecided" on the issue.  Leaning 
against CR at the moment.

I have two questions:

1. Marylin: Is your CR "smart" or "blind"?  I can't imaging why the 
email Guido sent you would have
gotten a "moderately high" spam score.

2. Does anyone have an answer to Bob's objection?  That looks like a 
killer to me.  Although
I have not yet received any spoofed CR messages, I could imagine it 
could become a very
popular technique for spammers.  I don't want to complicate things by 
simply adding another layer
to the battle (CR spoofs vs. CR spoof filtering).  If Bob's objection is 
not answerable, CR is dead.

3. What about metaCRs?  Maybe my CR system sends you a challenge about 
your CR.  Yuck.

4. Is there anything as bulletproof as CR, but without the problems?  
And I am not asking about
better filters (that's just an ongoing battle against better spam).

- Ken

Bob wrote:
> C/R doesn't scale because spoofed challenges are indistinguishable  
> from real ones and you can't filter any of them out without filtering  
> all of them. If everyone did C/R you'd simply get hundreds of non- 
> filterable challenges a day instead of spam, and you would have no  
> idea which ones to respond to.
>
> I'd rather have spam.
>
> -bob
>
>   

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.python.org/pipermail/baypiggies/attachments/20060616/389ce7ea/attachment.html

More information about the Baypiggies mailing list