[TriLUG] Another seal broken... thinking of installing a C/R anti-spam system

jonc at nc.rr.com jonc at nc.rr.com
Sat Jan 27 13:05:56 EST 2007 

Yep. I read that while doing my research on Challenge/Response systems. 
The basic arguement against doing a C/R response is that you respond to
the forged From and thus add to the problem of spam. Thus my comment on
one of the seals of doom being broken... :-)

The problem here, is that we have to work with a broken environment for
smtp that folks refuse to  help fix. I hate to do C/R, but it would
solve *our* particular problem. 

We need for all SMTP to be authenticated and only accepted from the
authoritative source of that domain. That would effectively cripple
Spammers. It's not like we allow folks to POP email as a user without
using a password! Why should we let people drop off email without the
same protection. Alas, that would mean that folks who make email clients
would have to adapt them to using auth-smtp. Something so logical seems
to be beyond the capabilities of Microsoft. 

Jon

----- Original Message -----
From: Jason Faulkner <jason at oldos.org>
Date: Saturday, January 27, 2007 11:53 am
Subject: Re: [TriLUG] Another seal broken... thinking of installing a
C/R anti-spam system
To: Triangle Linux Users Group discussion list <trilug at trilug.org>

> C/R systems cause backscatter. Backscatter is considered spam by a lot
> of people/organizations:
> http://linuxmafia.com/faq/Mail/challenge-response.html
> 
> On 1/27/07, jonc at nc.rr.com <jonc at nc.rr.com> wrote:
> > Yes, another seal standing between man and the end of the world is
> > breaking.  I am looking at installing a Challenge/Response system 
> for> some of my company's email addresses.
> >
> > We already do various filtering, etc... but the volume of spam still
> > leaking through is about 40/day (about 20% - we are heavily weighted
> > towards no false negatives), and we only see about 3 real emails 
> a week
> > for these addresses.
> >
> > The legit folks who send email to these addresses are generally 
> low-tech
> > folks (definitely no geeks). So I don't think a C/R system would 
> offend> them in any way.  Also, I'm thinking of disquising the C/R 
> system as a
> > web-based request for more info on the mail they sent in.
> >
> > The auto-reponse email would have a copy of the original 
> mail/header and
> > would link back to a web form that puts their original email into 
> the> form and askes them to click some buttons to direct the 
> request to the
> > proper department :-), plus fill in the proper contact info.
> >
> > Of course if they are already in our system, they don't get the C/R
> > notice. The mail just comes through.
> >
> > Jon
> > --
> > TriLUG mailing list        : 
> http://www.trilug.org/mailman/listinfo/trilug> TriLUG 
> Organizational FAQ  : http://trilug.org/faq/
> > TriLUG Member Services FAQ : http://members.trilug.org/services_faq/
> >
> 
> 
> -- 
> Jason Faulkner
> http://oldos.org
> -- 
> TriLUG mailing list        : 
> http://www.trilug.org/mailman/listinfo/trilugTriLUG Organizational 
> FAQ  : http://trilug.org/faq/
> TriLUG Member Services FAQ : http://members.trilug.org/services_faq/
>

More information about the TriLUG mailing list