[Baypiggies] Challenge/Response email systems
Ken Seehart
ken at seehart.com
Fri Jun 16 17:58:07 CEST 2006
My understanding is that there are a couple kinds of CR systems. One
kind is blind, and sends a
challenge to anyone not on a whitelist (call this Blind CR), and another
kind that only sends a challenge
when the email is:
1. Not on whitelist.
2. Has a moderately high spam score.
3. Doesn't have a super high spam score (just dump these in the spam
bucket).
Obviously, the most common objections apply to blind CR systems. A
/smart/ CR system would
only generate a relatively small percentage increase to email traffic in
exchange for putting spammers
out of business (a reasonable exchange I think). In general I would
receive a challenge only when
it is likely that the person receiving my mail would have discarded it
if they had not installed a CR
system.
Anyway, this discussion has left me "undecided" on the issue. Leaning
against CR at the moment.
I have two questions:
1. Marylin: Is your CR "smart" or "blind"? I can't imaging why the
email Guido sent you would have
gotten a "moderately high" spam score.
2. Does anyone have an answer to Bob's objection? That looks like a
killer to me. Although
I have not yet received any spoofed CR messages, I could imagine it
could become a very
popular technique for spammers. I don't want to complicate things by
simply adding another layer
to the battle (CR spoofs vs. CR spoof filtering). If Bob's objection is
not answerable, CR is dead.
3. What about metaCRs? Maybe my CR system sends you a challenge about
your CR. Yuck.
4. Is there anything as bulletproof as CR, but without the problems?
And I am not asking about
better filters (that's just an ongoing battle against better spam).
- Ken
Bob wrote:
> C/R doesn't scale because spoofed challenges are indistinguishable
> from real ones and you can't filter any of them out without filtering
> all of them. If everyone did C/R you'd simply get hundreds of non-
> filterable challenges a day instead of spam, and you would have no
> idea which ones to respond to.
>
> I'd rather have spam.
>
> -bob
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.python.org/pipermail/baypiggies/attachments/20060616/389ce7ea/attachment.html
More information about the Baypiggies
mailing list