On Sat, Aug 02, 2003 at 10:06:25AM -0700, Alan Connor wrote: > I am REALLY sick of ignorant (or disinformational ) posts like this one.
I am REALLY sick of posts like your one. > The argument to the X-CR header is a password. A unique password to the > transaction. And then the address is whitelisted, right? And then that person can send you mails without being challenged all the time, right? And then a spammer can forge some headers and use that very same address and not be challenged, right? Right? Right. Yes, they can. No, your system doesn't check for forged headers because it can't distinguish them. Yes, given time, especially if C-R is implemented on a large scale, spammers _will_ make use of whitelisted addresses. > Please do your homework or get a brain, or acquire some ethics, whichever > of these applies. I have done my homework, have a brain, have some ethics and still see your reasoning to be flawed. Should I copy your homework, ditch my brain and let my ethics be programmed by some loser instead? > Now. Anyone who wants to learn about CR mail programs can visit my site, or > mail me or check out Professor Timo Salmi's pages. > > http://www.uwasa.fi/~ts/info/spamfoil.html > > http://www.uwasa.fi/~ts/info/proctips.html I read through the tmda pages. Still, I like the general concept, although it simply does not work perfectly. For people not minding to offend others and lose at least some good mail, it might perform almost perfectly. > For those of you who don't like CR systems: > > > Write your congressperson....You are boring the stuffing out of me. > > And no, you can't just fire off a mail to me whenever you feel like it. > That's what the list and newsgroups are for. Let me see... If I send you a personal mail, reply to your challenge, my address is whitelisted, right? And already forged headers have shown to blow your scheme away. Let me apply for a hotmail address, send you a mail, get whitelisted, scan for an open relay, forge some headers and write a harrassing mail which will be sent out one thousand times to you. Can be done by a near newbie bash scripter within the hour, I guess... David -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
