TidBITS Policy on Challenge-Response
Adam C. Engst,
TidBits,
May 13, 2003
If you're thinking of using a challenge-response (C-R) system to CRLFblock spam, think again. The idea of C-R is that if an email CRLFcomes from an unrecognized source, the email is blocked until CRLFthe sender, in response to an email (the 'challenge') goes to a CRLFwebsite and answers a question only humans can answer (the CRLF'response'). This article identifies a number of C-R pitfalls. It CRLFleaves out the worst one, though: some C-R systems collect the CRLFsenders' email addresses that pass the challenge, and send CRLFthem spam. Anyhow. OLDaily Policy on CRLFChallenge-Response: OLDaily has already been hit by some CRLFC-R systems. I have sent the response, and gotten spam for my CRLFtroubles. And like the authors of this article, I have too many CRLFsubscribers to do this manually. And so, like most newsletter CRLFdistributors, I will simply delete C-R requests. Yes, spam is a CRLFpain. But breaking my nice subscription system isn't the way to CRLFfix it.
Today: 1 Total: 1750 [Share]
] [