[PLUG] [Fwd: Verify plug-admin at lists.pdxlinux.org for dduncan at hexi.com]

Russ Johnson russj at dimstar.net
Tue Sep 2 11:01:01 UTC 2003


Chuck Mize wrote:
> If you are the only one using C/R then he only has to deal with one 
> additional email but what if everybody he emails is using it? 

Then the sender makes a decision. Either it's worth it to contact that 
person, or it's not. If it's not worth it to reply to the challenge, 
then they hit delete, and off they go. No problem.

> Also a lot 
> of the C/R systems I've looked at have an option to wipe entries in the 
> whitelist after a certain amount of time so that you'd have to reconfirm 
> yourself.

And that too is the choice the owner of the mailbox makes. I believe 
these systems also keep track of the time since last email, not just an 
arbitrary time since added to the database. For folks who correspond on 
a regular basis, it's no problem.

> Also, what do you think happens to the challenges when the spammer 
> forges the From: address with a valid address belonging to an innocent 
> bystander? All of a sudden they are getting challenge requests from 
> people they have never heard from. Sounds abusive to me...

No more abusive than the hundreds of sobig.f mails I'm getting per day 
with forged headers, or the "failed clean attempts" I'm getting from NAV 
for mail gateways telling me my Linux box tried to infect someone...

We deal with it, because the alternative is we are overrun with junk 
email. If I wasn't blocking mail, then my signal to noise ratio would be 
near 2:10. 2 legitimate emails for every 10 emails received. I kid you 
not. Fully 40% or better is rejected by postfix, and then 70% of what 
gets delivered to me is still junk. I had a personal best the other day 
of 77% of mail was rejected by postfix. That's BEFORE spamassassin got a 
hold of it. Spam sucks, and I'll do many things to reduce it to a 
manageable level. That doesn't include a C/R system yet, but I'm close.. 
Real close.

> Finally, if enough people actually start using C/R the spammers will 
> just alter their spamware to automatically respond to the challenges and 
> you'll be in the same place you are now. Right now they are just using a 
> forged From: address but all they have to do is open a Yahoo dropbox, 
> send out their spam using that dropbox, reply to the challenge requests 
> and be on their way to the next spam run.

That is called an arms race. We come up with a solution, and they come 
up with a way around it. We'll come up with something else, and 
eventually, they'll figure out a way to get around that too.

It happens. We will continue down that road. Even laws limiting spam 
would not stop this from happening.

-- 
Russ Johnson
Stargate Online
Home:	http://www.dimstar.net
LDP:	http://ldp.dimstar.net




