Hi, On Thu, 23 Oct 2003 13:13:34 -0400 Scott Blomquist <[EMAIL PROTECTED]> wrote:
> Also along this thread for everyone esp. Chris, > A minor word of caution when you junp into the spam-l mailing list. > Spend a Loooong time lurking before you start posting. The folks there > are mostly front line high level BOFH admins and can get a bit unruly > and venomous. If your up for a real adventure Google on NANAE in usnet > groups. Don't forget your NOMEX underwear. Very true. Read the FAQs and lurk for a while, then lurk some more. There's a lot of good information there but there are also some very high-strung people (abuse work does that to you after a while) and they don't suffer fools gladly. Example: You will be mercilessly (and justifiably) pummeled for suggesting that challenge/response systems are a viable spam defense tool[*]. Lurk and absorb. And don't top post... :) Have fun! -- Bob Apthorpe [*] Summary of arguments: C/R systems can be abused to mailbomb people (forge many requests to known C/R from a single recipient.) Spammers either a) won't confirm, so you're sending a challenge that won't be answered and possibly getting a bounce message, which may be challenged, depending on how stupid your C/R system is, causing a cascading torrent of junk, or b) spammers will confirm, meaning you get the spam, and C/R is worthless as a defense. Fun trick: forge a message from someone using C/R to another person using C/R and watch the mail loop chatter away... Any system that relies on Captcha (find the hidden word in the image) or similar systems ties mail too closely to the web, causing trouble for people on text-only systems (e.g. the blind.) And if the C/R system is accessible to the blind, it's probably trivially defeatble by spammers. C/R systems generally do a lousy job of whitelisting recipients of outgoing mail, meaning mailing lists and responders have to jump through hoops unnecessarily, causing lot of problems for list maintainers. And at least one C/R vendor (SpamArrest) has been caught spamming its users' correspondents. C/R systems cause more problems than they solve; they work well enough for confirming mailing list subscriptions (requires n confirmations for all n users to communicate via the list) but don't work so well when applied to general mailboxes (requires n^2 confirmations for all n users to communicate with each other, provided their C/R systems don't get stuck in a loop.) ------------------------------------------------------- This SF.net email is sponsored by: The SF.net Donation Program. Do you like what SourceForge.net is doing for the Open Source Community? Make a contribution, and help us add new features and functionality. Click here: http://sourceforge.net/donate/ _______________________________________________ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
