Re: anti-spam web page and email reply
- From: Bill Cole <bill@xxxxxxxxxxxxx>
- Date: Wed, 30 Aug 2006 12:17:12 GMT
In article <1156918522.826720.134790@xxxxxxxxxxxxxxxxxxxxxxxxxxxx>,
"pibe1" <rizzomeister@xxxxxxxxx> wrote:
Taylor, Grant wrote:
pibe1 wrote:
Unfortunately once you accept the request, the web page displays
something different untill the next time your try to send an email to a
different user.
However, I found some info on their spamBlocker page.
http://www.earthlink.net/software/free/spamblocker/
I believe have been able to trip the filter by changing the format of my
textual name, i.e. "Grant <gtaylor@...>" verses "Taylor, Grant
<gtaylor@...>" verses "Grant Taylor <gtaylor@...>". So, it may be possible
to do so.
Most C/R systems are done via email. However some, like Earthlink, use web
pages for the response to the challenge.
Grant. . . .
Where can I find more information on how to set up a C/R system Or can
sendmail be set up to do the C/R
Don't.
You CAN hook up a challenge/response system with Sendmail, but by their
nature they are abusive. That includes Earthlink's implementation. Most
mail currently is spam with forged but functional sender addresses, so
the challenge messages for most mail will be sent to people who did not
send the suspect mail and have no interest in whether or not you get
spam.
People who get large numbers of such pointless challenges for mail we
never sent (myself included) take varying approaches to dealing with
them, including rejecting them in SMTP before accepting them, accepting
them but silently dropping them, completely shunning all mail from the
servers and/or networks that send them, and reporting them as spam
themselves to whatever upstream providers are willing to act on the
abuse. In short, they get treated as spam, which by any logical
definition they are.
There are variations on the C/R concept that are not abusive, which they
manage by pushing the 'challenge' down into SMTP. This is done by
putting long text explanations into the free-form part of SMTP rejection
messages providing information on how to get the rejected message
through that system. Because this is done in SMTP response without
accepting the message rather than by accepting the message and then
trusting the sender address to be a path back to the real sender, it
does not involve the challenging system in any uncertainty about who the
real sender is. Not a bad idea, and certainly something one could do
with Sendmail (with a little coding) but I don't have any sense of how
well such approaches work. They would not work well with senders whose
mail is mediated by recent versions of the malware known as Exchange,
which replaces the text content of SMTP error messages with its own
(usually wrong) interpretations of the numeric codes.
In the modern world with forged-sender spam accounting for most mail,
any system that responds to untrusted mail by trusting any element of it
is fundamentally misdesigned and is doomed to be abusive of innocent
third parties.
--
Clues for the blacklisted: <http://www.scconsult.com/bill/dnsblhelp.html>
Current Peeve: "This page was written to render correctly in any standards
compliant browser" on pages with hundreds of HTML errors.
.
- References:
- anti-spam web page and email reply
- From: pibe1
- Re: anti-spam web page and email reply
- From: Grant Taylor
- Re: anti-spam web page and email reply
- From: pibe1
- Re: anti-spam web page and email reply
- From: Taylor, Grant
- Re: anti-spam web page and email reply
- From: pibe1
- anti-spam web page and email reply
- Prev by Date: Re: unknown user -> Sendmail tries to reply to spammers (?!)
- Next by Date: Re: Why am I rejecting mail? (Jack Rabbit Vibrator Sex Toy) - Header Error
- Previous by thread: Re: anti-spam web page and email reply
- Next by thread: Re: anti-spam web page and email reply
- Index(es):
Relevant Pages
|
Loading
