Mark Brown <[EMAIL PROTECTED]> writes: > You do realise that all parts of SMTP are generally completely > unauthenticated and can be trivially forged? A system like this has no > option but to work with unauthenticated data.
Why cannot the C-R system issue the challenge during the SMTP session (respond with a reject containing the challenge)? With the latest Sobig flood I've begun to consider all list software sending back "your message is waiting for moderation" messages broken, let alone a software package designed to reduce SPAM (or virus checkers responding to a completely wrong person warning about infected system). And yes, I'm actually considering filing grave bugs against each such list software package (I'm willing to live with such behaviour being optional with the default being no response, if the documentation says "beware SPAM worms if you enable autoresponse). -- * Outside of a dog, a book is man's best friend. Inside of a dog, it's * * too dark to read. (Groucho Marx) * * PGP public key available @ http://www.iki.fi/killer *
