From: "Justin Mason" <[EMAIL PROTECTED]>
Matt Kettler writes:
[lots of correct stuff]
...
Anyone telling you spammers only or mostly use bogus return addresses
either hasn't studied spam extensively or is deluding themselves.
Well, they *used* to use bogus addresses -- that was the case 2 or 3
years ago, before Sender Address Verification [1]. Since then, spam
generally uses randomly-chosen, "real" user addresses, as Matt says.
[1]: http://taint.org/2007/03/16/134743a.html
I've written my thoughts about C-R backscatter here: [2]
[2]: http://taint.org/2005/09/11/012434a.html
The only way I can see to have a NON-abusive challenge-response system
nowadays, would be to restrict challenges to domains for which the
challenged message passed SPF, Domain Keys or DKIM tests. (You'd still
annoy your correspondents, but at least you wouldn't be creating spam for
innocent third parties.)
None of the C-R filters bother doing that, though.
If I am replying to a sender's email and the sender is rude enough not
to let my reply through then "scroom".
Hey, Jo, come on over to my house for the <whatever>!
Jo arrives. But the usual doorway transaction fails because a new
filter is in place that orders Joe to go back home and call from home
to say he's coming.
Scroom. I'd go home and stay home.
{^_^}
