A temptation with challenge/response anti-spam systems

February 10, 2007

Every time I see a mail from a C/R system, I get more and more tempted to teach our mail filtering infrastructure about the most common ones, so that it can automatically acknowledge the challenges, discard the messages, and not bother the users with them at all.

Will this acknowledge a lot of spam, and thus dump it on the people operating those C/R systems? Sure, but that's not our problem. And I'd clearly be doing our users a service, especially if C/R systems get widespread.

(This is another example of how C/R systems try to work by offloading your spam problem on precisely the wrong people. The only way they can 'work' at all is if most of the mail addresses you challenge don't even exist; otherwise you are reaching either spammers or pissed-off people, neither of whom has your interests in mind.)

As a special bonus prize, I could even hack our system to do this even for local addresses that don't actually exist, since it's perfectly possible to automatically acknowledge the challenge and 5xx the DATA command at the end of the SMTP conversation. I'd have to make sure that this only happened for single-recipient email, but that describes all of the C/R email I'd want to do this to.

(Ob-attribution-darnit: I've had this thought for a while, but the impetus to actually write this entry was provided by reading about a related temptation with C/R systems here.)

Written on 10 February 2007.

Last modified: Sat Feb 10 21:41:12 2007