[EMAIL PROTECTED] wrote:
of course you should run all common qpsmtpd anti-spam plug-ins up-
front, like: no_dialup, geo_blacklist_whitelist, check_earlytalker,
and so on. Captcha response mails are only being send to senders whose
mails have passed those plug-ins.
But that doesn't change the basic design that all challenge-response
methods have: false positives (in this sense challenges sent out to
forged senders) put you in the same camp as the spammers, sending
unsolicited e-mail. That may be something you are personally
comfortable with, but many people are not willing to go that far. There
is no way within the current SMTP architecture to ensure that any given
message originates with the individual purportedly claiming to send the
message[*].
John
*) OK that is not strictly true. Through the use of cryptographically
signed messages, you can validate the sender, but the infrastructure for
this is sorely lacking. You can almost make the various signed header
systems work (DK and DKIM) so you have high confidence that the server
involved is legitimate, but you still have no way of knowing if that
server has been somehow compromised to sign spam
