> "David F. Skoll" <d...@roaringpenguin.com> wrote in message
> news:73554$4ae5877e$d1d97a75$59...@PRIMUS.CA...
>> It's not C/R because no challenge is sent. The challenge is implicit,
>> so there's no backscatter problem.

> (Your subsequent post 6 minutes later says otherwise.... It IS C/R.)

OK. It's not traditional C/R.

> It doesn't matter if the "challenge" is delivered via means outside
> of SMTP. It still requires a legitimate sender to take an extra
> step, so it's NO DIFFERENT from C/R.

It's different from traditional C/R in that the *most* annoying side-effect
of C/R (challenges sent to unrelated third parties) is avoided.

As you point out, it's the same in that the *second-most* annoying side
effect (extra work for legitimate senders) is still present.

> How is the sender supposed to know that the extra
> step of visiting the web page is required if he's not told to do it - and
> thus "challenged?"

Presumably, if this is widely adopted, MUAs and other software will
"know" to hit the site just as we "know" how to interpret SPF records, etc.

[...]

> Legitimate mail should NEVER be hampered.

I believe the OP's motivation was to reduce the hampering of
legitimate mail by letting the sender release it from the recipient's
spam filter. The addition of the "SPAM STATUS HIDDEN" option kills
that idea, though. You either have to provide spammers with an
Oracle, or make senders do possibly useless extra work. You can't
have it both ways.

> You're still making legitimate senders "jump
> through hoops" to have their mail delivered while doing NOTHING to
> spammers who won't care.

Read the proposal again. The CAPTCHA is only offered if the mail was
trapped in a filter. A sender can presumably ignore it and wait for
the mail to be released by the recipient in the normal course of events.
(This is assuming you don't use the SPAM STATUS HIDDEN option.)

I don't think it's a good idea. But it's not as harmful or in-your-face
as traditional C/R.

-- David.