Slash Boxes
NOTE: use Perl; is on undef hiatus. You can read content, but you can't post it. More info will be forthcoming forthcomingly.

All the Perl that's Practical to Extract and Report

The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
More | Login | Reply
Loading... please wait.
  • Like you, I encounter these periodically and I don't like them either. The particularly annoying scenario I encountered recently was that someone sent me email. I replied to their question and was then expected to leap through hoops to shepherd my reply through their challenge response system.

    • That's a poorly designed C/R system. The C/R systems that I've seen (and liked somewhat) will automatically whitelist an email address when an email is *sent* to that address. This means that people within an organization can send an email to whoever they want, and when that person responds it will go straight through.

      If email lists sent from the same address that you sign up at, then C/R systems that use the whitelisting technique above would have no problems receiving emails sent from legit email lists.

      • Haha!

        No, I'm against them because spammers lie. They forge the reply address to someone innocent. That means that the amount of spam I receive is going to double (as I count C/R requests as spam).

        I have a good mind to respond to C/R's that are the result of a joe-job against my domains just to prove this point.

        Mostly though I'm against them because I consider it impolite. A C/R anti-spam system is a cost shifting exercise. It shifts the recipients cost of spam to everyone who sends him email. That cost *
        • Just to take my devil's advocacy a bit further &evilgrin; When a spammer lies, using another persons email address as the From, then the content of their original email would not be delivered, thus reducing the incentive to send it in the first place. The few C/R systems I've interacted with did not include the content of the email I sent as part of the challenge.

          Sure, someone else would get the "challenge"...But if that person was also using a C/R system then they would never need to know...would the

          • by vsergu (505) on 2003.05.14 10:05 (#20112) Journal
            The idea is for the spammer to use 'From' addresses taken from the same group the 'To' addresses came from (for example, they appeared on a web page together). Then there's a chance the addresses have been whitelisted previously and the spam will get through.

            And everyone not using C/R gets bombarded with ever-increasing numbers of challenges.

            C/R is a poorly thought-out attempt at solving the spam problem. It needs to be stopped before it makes the situation worse.
            • Oh, I hadn't thought of that. Duh. I guess one solution to that problem would be to only position C/R systems in between the Internet and an organizations Intranet: so internal emails would never go through it, and email posing as internal email with common username would be rejected. But you are right, this gets way to complicated way too fast, and if widely adopted would result in way too much complexity.
              • When I said the same group, I didn't necessarily mean the same domain. I'm not really talking about people in the same organization, just people who seem to be associated in some way and thus might be on each other's whitelists. Such people may show up on a web page together, for example.
            • You know what'd be an interesting twist - if you look at all the headers and MD5 checksum a concatonation of the server routes, from origin to destination and when you add the e-mail to a whitelist, you also associate it with the MD5 checksum of the traffic route. Any spammer forging the 'From' address won't be able to reproduce the route.