On Wed, 2010-12-01 at 16:17 -0500, David F. Skoll wrote:
> Challenge-Response systems are evil. I never reply to challenges and I
> typically blacklist systems that send them.
Personally, I have *never* received a legit C/R. Every single one that
ended up on my machines have been in response to spam sent with a forged
sender address.
Hardly distinguishable from backscatter. And in fact, all samples I have
are dating back from times when certain addresses have received quite a
lot of that blow-back spam.
> There's a fundamental economic principle at play: If you make it harder
> for spammers to send spam, then you make it less convenient to send email
> to someone you've never written to before. There is simply no way around
> that.
>
> Rather than destroying email (its killer feature is *precisely* the
> ability to dash off a note to someone new) by making it harder to send
> spam, viable anti-spam solutions make it less likely that spam will be
> received. Yes, this is costly and annoying, but it's the price we pay
> for the convenience of email.
Very true, David. Spam filtering helps. Which, coincidentally, probably
is what we all are here for. ;)
Both, backscatter as well as C/R as a specific form of backscatter [1]
are evil. I have refused to answer questions on this very list before,
when it became obvious the OP uses or considers C/R -- unless he thought
about that a second time. I will continue to do so.
[1] Its stated purpose is to reduce spam, by sending out a challenge to
legit first-time senders -- as well as forged addresses, mind you!
That is *deliberately* spamming [2] innocent bystanders.
[2] I don't use that term lightly. Anyone who has sufficient knowledge
of the problem to create such beast, also knows about address
forgery. He knows, he turns the recipient's problem into a
bystander's problem.
--
char *t="\10pse\0r\0dtu...@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4";
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i<l;i++){ i%8? c<<=1:
(c=*++x); c&128 && (s+=h); if (!(h>>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}
