Re: tmda: Challenge-response is fundamentally broken (RAPNAP)

2003-09-08 Thread Craig Sanders
On Sat, Sep 06, 2003 at 11:32:04PM +1000, Russell Coker wrote: > DNSBLs and SpamAssassin seem quite good at dealing with spam and are much > less annoying. That combined with some new laws that are being enacted to > combat spam should keep it to a manageable level. oh, please tell me that these n

Re: tmda: Challenge-response is fundamentally broken (RAPNAP)

2003-09-06 Thread Andrew Suffield
On Sat, Sep 06, 2003 at 06:02:07PM -0500, david nicol wrote: > Don't hate spammers, figure out a way to bill them. They are in > business, they pay for things, they expect to be billed. Everyone > who has considered sender-pays agrees that it provides a better solution > than legislation. Again

Re: tmda: Challenge-response is fundamentally broken (RAPNAP)

2003-09-06 Thread david nicol
On Sat, 2003-09-06 at 08:32, Russell Coker wrote: > Here's how it works. Spammer creates account [EMAIL PROTECTED] and sends > their first spam to a C-R system, when the challenge comes in they > acknowledge it and from then on the C-R system does not bother them because > they keep using the

Re: tmda: Challenge-response is fundamentally broken (RAPNAP)

2003-09-06 Thread Russell Coker
On Sat, 6 Sep 2003 06:56, david nicol wrote: > > > Unlike TMDA's distributed profusion of extended addresses, a > > > central RAPNAP (return address, peer network address pair) database > > > only needs to send out a challenge when you change your outgoing > > > SMTP server. In effect, a central s

Re: tmda: Challenge-response is fundamentally broken (RAPNAP)

2003-09-05 Thread Andrew Suffield
On Fri, Sep 05, 2003 at 03:56:16PM -0500, david nicol wrote: > > For challenge response to work it has to be annoying to lots of people. > > Anything that stops it being annoying will stop it working. That's why > > it is broken. > > Challenge-response, BY ITSELF ONLY, suffers from that problem

Re: tmda: Challenge-response is fundamentally broken (RAPNAP)

2003-09-05 Thread david nicol
On Fri, 2003-09-05 at 00:16, Russell Coker wrote: > On Thu, 4 Sep 2003 18:32, david nicol wrote: > > I've been trying to popularize a centralized challenge-response > > database since last fall. It seems to me that becoming a Debian > > package maintainer for the software to use it would make sens

Re: tmda: Challenge-response is fundamentally broken (RAPNAP)

2003-09-05 Thread Russell Coker
On Thu, 4 Sep 2003 18:32, david nicol wrote: > I've been trying to popularize a centralized challenge-response > database since last fall. It seems to me that becoming a Debian > package maintainer for the software to use it would make sense. > > Unlike TMDA's distributed profusion of extended add

Re: tmda: Challenge-response is fundamentally broken (RAPNAP)

2003-09-04 Thread david nicol
Hello I've been trying to popularize a centralized challenge-response database since last fall. It seems to me that becoming a Debian package maintainer for the software to use it would make sense. Unlike TMDA's distributed profusion of extended addresses, a central RAPNAP (return address, peer

Re: tmda: Challenge-response is fundamentally broken

2003-09-04 Thread Tollef Fog Heen
* Kalle Kivimaa | And yes, I'm actually considering filing grave bugs against each | such list software package (I'm willing to live with such behaviour | being optional with the default being no response, if the | documentation says "beware SPAM worms if you enable autoresponse"). Please file a

Re: tmda: Challenge-response is fundamentally broken

2003-08-27 Thread Steve Lamb
On Wed, 27 Aug 2003 11:44:34 +0100 Stephen Stafford <[EMAIL PROTECTED]> wrote: > Sorry, but I do NOT see how this is a grave bug. It's wishlist (at best). I tend to agree with the grave aspect. > YOU might not agree that C-R systems are good (personally I detest them), > but that does NOT me

Re: tmda: Challenge-response is fundamentally broken

2003-08-27 Thread Kalle Kivimaa
Mark Brown <[EMAIL PROTECTED]> writes: > The part where SMTP is completely unauthenticated means that this > doesn't help - the SMTP envelope sender can be forged just as easily as > the From: inside the message. You're right, I forgot to say that the idea only applies to non-relayed mail where th

Re: tmda: Challenge-response is fundamentally broken

2003-08-27 Thread Tore Anderson
* Mark Brown > You do realise that all parts of SMTP are generally completely > unauthenticated and can be trivially forged? Yes. It's indeed very sad that it is so. However, my main issue still remains -- the difference (for the user) between «I'm installing this package and accep

Re: tmda: Challenge-response is fundamentally broken

2003-08-27 Thread Florian Weimer
Mark Brown <[EMAIL PROTECTED]> writes: >> Why cannot the C-R system issue the challenge during the SMTP session >> (respond with a reject containing the challenge)? With the latest >> Sobig flood I've begun to consider all list software sending back > > The part where SMTP is completely unauthenti

Re: tmda: Challenge-response is fundamentally broken

2003-08-27 Thread Brian T. Sniffen
Tore Anderson <[EMAIL PROTECTED]> writes: > severity 207300 grave > quit > > * Karsten M. Self > > > Briefly: challenge-response (C-R) spam fighting systems are > > fundamentally broken by design. > > > I am recommending that TMDA be dropped from Debian. I use tmda, but not in challenge-respo

Re: tmda: Challenge-response is fundamentally broken

2003-08-27 Thread Wouter Verhelst
On Wed, Aug 27, 2003 at 04:07:58PM +0300, Kalle Kivimaa wrote: > Mark Brown <[EMAIL PROTECTED]> writes: > > You do realise that all parts of SMTP are generally completely > > unauthenticated and can be trivially forged? A system like this has no > > option but to work with unauthenticated data. >

Re: tmda: Challenge-response is fundamentally broken

2003-08-27 Thread Florian Weimer
Bernd Eckenfels <[EMAIL PROTECTED]> writes: > Every MTA is sending bounces to mails with forged headers. The MXes I'm responsible for don't do this (even the secondary MXes handle such cases gracefully). They just refuse messages with unknown destinations at the SMTP level. AFAIK, all MTAs whic

Re: tmda: Challenge-response is fundamentally broken

2003-08-27 Thread Mark Brown
On Wed, Aug 27, 2003 at 04:07:58PM +0300, Kalle Kivimaa wrote: > Mark Brown <[EMAIL PROTECTED]> writes: > > You do realise that all parts of SMTP are generally completely > > unauthenticated and can be trivially forged? A system like this has no > > option but to work with unauthenticated data.

Re: tmda: Challenge-response is fundamentally broken

2003-08-27 Thread Kalle Kivimaa
Mark Brown <[EMAIL PROTECTED]> writes: > You do realise that all parts of SMTP are generally completely > unauthenticated and can be trivially forged? A system like this has no > option but to work with unauthenticated data. Why cannot the C-R system issue the challenge during the SMTP session (r

Re: tmda: Challenge-response is fundamentally broken

2003-08-27 Thread Stephen Stafford
On Wed, Aug 27, 2003 at 01:35:12PM +0200, Tore Anderson wrote: > [ Please do not send me CC's, as I have not explicitly asked for them. ] Apologies. > > * Stephen Stafford > > > Sorry, but I do NOT see how this is a grave bug. It's wishlist (at best). > > > > YOU might not agree that C-R sy

Re: tmda: Challenge-response is fundamentally broken

2003-08-27 Thread Richard Atterer
On Wed, Aug 27, 2003 at 11:08:23AM +0200, Tore Anderson wrote: [snip... oh my!] How amusing to see Sobig.F cited as the reason for reassigning grave severity to a bug! Looks to me as if you just didn't find a sobig-f package to file the bug against, so something else had to be the culprit. In t

Re: tmda: Challenge-response is fundamentally broken

2003-08-27 Thread Ulrich Eckhardt
On Wednesday 27 August 2003 11:08, Tore Anderson wrote: > > I do not intend to play BTS games here; if you change the severity back > > to grave, or to any other RC state, I will consider it to be abuse of > > the BTS and report your actions to the

Re: tmda: Challenge-response is fundamentally broken

2003-08-27 Thread Bernd Eckenfels
On Wed, Aug 27, 2003 at 02:54:43PM +0300, Lars Wirzenius wrote: > TMDA seems to hurt innocent outsiders by sending them mail (e.g., in > response to garbage sent by viruses or spammers). The other examples you > gave (Emacs, Gnome, CUPS) don't do that, as far as I know. The > difference is importan

Re: tmda: Challenge-response is fundamentally broken

2003-08-27 Thread Mark Brown
On Wed, Aug 27, 2003 at 01:35:12PM +0200, Tore Anderson wrote: > with is that the C-R system in question ignores the fact that SMTP > headers are trivially (and regularly) forged. I believe this is deliberate, > and that TMDA does not attempt to verify that the recipient of the > challenge tru

Re: tmda: Challenge-response is fundamentally broken

2003-08-27 Thread Colin Watson
severity 207300 wishlist thanks On Wed, Aug 27, 2003 at 11:08:23AM +0200, Tore Anderson wrote: > severity 207300 grave > quit Sorry, Tore, but this is not a grave bug. The package does what it says on the tin, even if you think that its goals are broken in the wider picture (and I'd happen to agr

Re: tmda: Challenge-response is fundamentally broken

2003-08-27 Thread Tore Anderson
[ Please do not send me CC's, as I have not explicitly asked for them. ] * Stephen Stafford > Sorry, but I do NOT see how this is a grave bug. It's wishlist (at best). > > YOU might not agree that C-R systems are good (personally I detest them), > but that does NOT mean that we shouldn't rel

Re: tmda: Challenge-response is fundamentally broken

2003-08-27 Thread Lars Wirzenius
On ke, 2003-08-27 at 13:44, Stephen Stafford wrote: > YOU might not agree that C-R systems are good (personally I detest them), > but that does NOT mean that we shouldn't release one. If the package is in > good shape and functions as advertised, then it IS fit for release. TMDA seems to hurt i

Re: tmda: Challenge-response is fundamentally broken

2003-08-27 Thread Stephen Stafford
[enormous snippage] Sorry, but I do NOT see how this is a grave bug. It's wishlist (at best). YOU might not agree that C-R systems are good (personally I detest them), but that does NOT mean that we shouldn't release one. If the package is in good shape and functions as advertised, then it IS f

Re: tmda: Challenge-response is fundamentally broken

2003-08-27 Thread Tore Anderson
severity 207300 grave quit * Karsten M. Self > Briefly: challenge-response (C-R) spam fighting systems are > fundamentally broken by design. > I am recommending that TMDA be dropped from Debian. * Adam McKenna > I will not respond to this bug other than to state that I don't believe it >