Challenge-Response Systems
Path: g2news1.google.com!news4.google.com!newshub.sdsu.edu!elnk-nf2-pas!newsfeed.earthlink.net!stamper.news.pas.earthlink.net!newsread3.news.pas.earthlink.net.POSTED!65807237!not-for-mail
Newsgroups: comp.mail.misc
From: Alan Connor <zzz...@xxx.yyy>
Subject: Challenge-Response Systems
Reply-To: x...@yyy.zzz
User-Agent: slrn/0.9.7.3 (Linux)
Lines: 135
Message-ID: <XDEyd.7558$9j5.1334@newsread3.news.pas.earthlink.net>
Date: Thu, 23 Dec 2004 19:03:19 GMT
NNTP-Posting-Host: 165.121.25.204
X-Complaints-To: abuse@earthlink.net
X-Trace: newsread3.news.pas.earthlink.net 1103828599 165.121.25.204 (Thu, 23 Dec 2004 11:03:19 PST)
NNTP-Posting-Date: Thu, 23 Dec 2004 11:03:19 PST
Organization: EarthLink Inc. -- http://www.EarthLink.net
Challenge-Response Systems
The first thing you need to understand about these systems
is that anyone who has a vested interest in keeping the
spam flowing into your mailboxes, from the spammers themselves
to those that hire them, to those who make a living via their
expertise in out-moded and ineffective spamfighting tools,
will do and say _anything_ to keep you from using one.
They have entire websites devoted to lies and distortions
about these systems.
Because they can't beat them, spammers HATE them, and we all know
that spammers have no morals whatsoever.
And that _anyone_ can put up a website that says _anything_.
Anyone can say anything on the Usenet.
An amazing number of spammers don't even consider themselves to
be spammers. It's the _other_ person's UBCE (Un-solicited Bulk
Commercial Email) that's spam, not theirs. They are "legitimate
businesspersons engaged in commerce".
Right.
Are Challenge-Response systems okay to use on the Internet?
Earthlink, one of the largest ISPs in the world, seems to think
so, and offers them as a part of their standard spamfighting
package. That ought to tell you something.
I've been using one for years and know hundreds of people who use
them, and not one of us has ever received a complaint from anyone
but a spammer, and those are quite rare because spammers seldom
include a return address that is valid.
There are spammers pretending to be spamfighters posting on this
group that will claim otherwise, but when you demand documented
evidence they somehow always fail to come up with it.
What they do present here is the result of them _deliberately_
soliciting Challenge-Responses from people and organizations that
use C-R systems, which proves nothing but the fact that they have
no morals and no real evidence.
What C-R Systems do is eliminate anonymous mail.
If someone wants to mail a C-R System user, they have to include
a real return address that is monitored by a live human being.
Party A mails Party B, and because they have never mailed Party B
before, and are not Passlisted, they receive a Challenge-Response
that asks them to paste a password on the Subject line and send
it back.
(A Passlist is a list of addresses from which mail is accepted
without further filtering. This is the first stage of a modern
C-R System.)
The C-R itself is a tiny note that does not include the body of
the original mail but does include the original Subject as in:
Re: Original_Subject
After the Passlist stage, incoming mail is sent to a Spamfilter
that dumps the obvious spam. This is important, because there
is no point in sending a C-R to a spammer. It's just a waste of
bandwidth and processor time.
The vast majority of spammers take great pains to include false
return addresses that are _not_ likely to belong to a real person
or organization, because this would really anger people and
inspire them to take serious steps to track down the spammer.
We've taken the mail you _know_ you want to receive off the top,
and sent most of the spam to /dev/null (the bit bucket) at this
point in the processing of the incoming mail.
The very small percentage that's left over are sent a C-R.
If the C-R System receives a bounce (No Such Address), the
address is blocklisted for a configurable length of time.
The blocklist is included in the second stage (Spamfilter) of the
C-R System.
Passlist --> Spamfilter --> Challenge-Response
   |             |                  |
   |             |                  |
  YES            NO               MAYBE
If a particular address fails to return a C-R twice, it is
blocklisted for a configurable length of time.
Blocklisted mail is sent to /dev/null.
All of the above is done by the C-R System itself, silently.
You won't even know a spammer or troll _tried_ to get their
garbage into your mailboxes.
The only personal involvement is adding or deleting addresses
from your Passlist.
Complete freedom from spam and abusive mail, because spammers and
trolls do not use their real return addresses: they don't want to
be tracked.
I wouldn't even consider using any of the pathetic and
ineffective filters that the spammers promote on this group
because they CAN beat them.
I have better things to do with my time than constantly updating
complex filter recipes and looking through hundreds of possible
spams for mail from a friend or business connection that the
filter couldn't properly classify. And I will not tolerate a
mailbox with spam in it staring me in the face because the
spammers have once again figured out how to beat the latest
filter recipes.
Spam is no longer a part of my life. And good riddance to it.
I don't need spam. I have Google. I can find better deals for
anything, from trustworthy sources, after 5 minutes on Google,
than _ever_ came to me via spam.
AC
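
The Passlist, Spamfilter and Challenge-Response flow described in the post above, as an added Python example that is not part of the original post or of any particular C-R product. The class and method names, the is_obvious_spam callback, the random password format, and the remembering of senders who have answered a challenge are assumptions made for illustration.

```python
import hmac
import secrets

class CRSystem:
    """Passlist -> Spamfilter (incl. blocklist) -> Challenge-Response."""

    def __init__(self, passlist, is_obvious_spam, block_seconds=7 * 86400):
        self.passlist = set(passlist)           # maintained by the user
        self.is_obvious_spam = is_obvious_spam  # assumed filter callback
        self.block_seconds = block_seconds      # "configurable length of time"
        self.verified = set()                   # assumption: answered a challenge before
        self.blocked_until = {}                 # sender -> expiry timestamp
        self.pending = {}                       # sender -> password we issued
        self.misses = {}                        # sender -> challenges not returned

    def _block(self, sender, now):
        self.blocked_until[sender] = now + self.block_seconds
        self.pending.pop(sender, None)
        self.misses.pop(sender, None)

    def incoming(self, sender, subject, body, now):
        """Return (verdict, challenge_or_None) for one incoming message."""
        if sender in self.passlist or sender in self.verified:
            return "deliver", None              # YES
        if self.blocked_until.get(sender, 0) > now or self.is_obvious_spam(subject, body):
            return "drop", None                 # NO: goes to /dev/null
        # MAYBE: send a tiny note with the original Subject, never the body.
        password = self.pending.setdefault(sender, secrets.token_hex(8))
        note = {"to": sender, "subject": "Re: " + subject,
                "body": "Paste on the Subject line and send back: " + password}
        return "challenge", note

    def bounce(self, sender, now):
        """The challenge bounced (No Such Address): blocklist immediately."""
        self._block(sender, now)

    def timed_out(self, sender, now):
        """A challenge went unanswered; the second miss blocklists the address."""
        self.pending.pop(sender, None)
        self.misses[sender] = self.misses.get(sender, 0) + 1
        if self.misses[sender] >= 2:
            self._block(sender, now)

    def response(self, sender, subject):
        """True if the reply's Subject line carries the password we issued."""
        password = self.pending.get(sender, "")
        ok = bool(password) and any(
            hmac.compare_digest(w.encode(), password.encode()) for w in subject.split())
        if ok:
            del self.pending[sender]
            self.misses.pop(sender, None)
            self.verified.add(sender)
        return ok
```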