On Sun, 2003-08-03 at 13:37, David Fokkema wrote: > On Sun, Aug 03, 2003 at 05:13:26AM +0100, Karsten M. Self wrote: > > As some here are aware, I maintain a rant-o-matic with some standard > > screeds on frequently iterated issues. The C-R issue is one that's been > > nagging at me for a while, here's the draft of why C-R is considered > > harmful. Critique/comment welcomed. > > > > You're problably receiving this because I've received a C-R from > > your mail system. If you've received this, that is.... > > > > Spam is a growing, heck, exploding problem. No doubt. > > Challenge-response (C-R) is a flawed tactic, for the following > > reasons. > > > > 0. Weak, and trivially abused, verification basis. > > > > The 'FROM:' header of email can be, and routinely is, spoofed. > > It offers no degree of authentication or evidence of identity. > > As filtering is a spam-reduction system, so is C-R. The chance of > receiving spam from a whitelisted address is, in the experience of tmda > users, very rare. And even if it happens, it only adds up to low > statistics.
As it turns out, just *today*, I received spam seemingly from charter.net (but that may have just been a relay). However, look what was spoofed: Return-Path: <[EMAIL PROTECTED]> From: Matthew Graybosch <[EMAIL PROTECTED]> Subject: Re: Terminal error Matthew Greybosch is know to me from the Libranet mailing list, and so is the Subject. -- +-----------------------------------------------------------------+ | Ron Johnson, Jr. Home: [EMAIL PROTECTED] | | Jefferson, LA USA | | | | "I'm not a vegetarian because I love animals, I'm a vegetarian | | because I hate vegetables!" | | unknown | +-----------------------------------------------------------------+ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
