Re: TMDA and other challenge-response systems considered harmful

From: richard lyons (richard_at_the-place.net)
Date: 06/01/04

  • Next message: Lucas Albers: "grsecurity ending" 
    To: debian-user@lists.debian.org
Date: Tue, 1 Jun 2004 12:36:59 -0400

    On Tuesday 01 June 2004 08:29, Tom Allison wrote:
    [...]
    > They are also a pain in the neck when you get a CR sent to a
    > mailing list.
    >
    > But most importantly, and this is from personal experience here,
    > they are not very useful. I played with a CR mechanism for a few
    > months on my own mail server and found that I was severely defeated
    > by one simple mechanism. The spammers would fire off their mail
    > and auto-respond to my CR. That created an entirely automated
    > system to whitelist their spam into my server.

    Wow, what nice spammers you meet: give you real addresses. Mine all
    use fake sending addresses, so would never receive any challenge I
    sent. In fact, that is why I always thought some sort of challenge
    system would be effective - it would remove 99% of the spam that
    comes my way, which I, ignorantly, assumed was a representative
    sample. 

    -- 
richard
-- 
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
  • Next message: Lucas Albers: "grsecurity ending"

    Relevant Pages

    • Re: [Full-Disclosure] Im calling for LycosEU heads and team to resign or be sacked
      ... To go back to a previous message; in attacking spammers, ... I run a small mail server that services about 10 domains. ... I have approximately 500MB of spam stored on my server. ... bandwidth fees to upload disk images to a remote server. ...
      (Full-Disclosure)
    • Re: [Full-Disclosure] Im calling for LycosEU heads and team to resign or be sacked
      ... I woud recommend a nice email detailing the real damage and spiritual damage caused by spam, aned what they might do to find a better way to make a living.. ... Lots of spammers are simply trying to make a living, and don't feel they have other options. ... How will we pay for damages, ... I run a small mail server that services about 10 domains. ...
      (Full-Disclosure)
    • Re: Bad case of Spam Fatigue, Can anyone help
      ... When spammers start testing a new domain they often configure such programs to send spam to randomly made up user names. ... When the spammer sells the lists, and the list gets resold over and over this activity can quickly grow exponentially to a point where it can overload a small mail server. ... SPF is a protocol that lets you publish via a DNS record what your outgoing mail servers are so that when another server receives an email with your domain name in the from header, it can check your SPF policy to see if the IP is allowed by you or not. ...
      (comp.mail.misc)
    • Re: TCPIP Services for OpenVMS V5.4 ECO1 anti spam feature
      ... Outblaze is known for prompt nuking of spammers or blocking of any spam ... You can not trust the I.P. address that a relay that delivers spam to ... Essentially they are expecting that if the mail server accepted the ...
      (comp.os.vms)
    • Re: increase in spam and what to do about it
      ... because your potential customer is using an ISP that happens to get ... As fast as you can come up with a trechnical solution the spammers will ... doesn't stop spam but is very likely to make the innocent pay for it. ... organization, ie. ISP - include hefty fines in your customer contract, ...
      (comp.os.vms)