Interesting People mailing list archives
Yet another badly-broken challenge-response mail system
From: Dave Farber <dave () farber net>
Date: Fri, 01 Aug 2003 07:31:43 -0700
Date: Fri, 01 Aug 2003 08:02:00 -0400 From: Rich Kulawiec <rsk () gsp org> Subject: Yet another badly-broken challenge-response mail system To: Dave Farber <dave () farber net> ----- Forwarded message from Ted Dolotta <Ted () Dolotta ORG> -----> Thank you for sending me your email with the subject "Re: [IP] An interesting > perspective on the latest DARPA brouhaha". I really want to receive your email.> In an effort to eliminate junk email, I am using MailFrontier Matador. > Matador has placed your message on hold. > > Please click the link below so you will be added to my Allowed people list, > I will receive your email, and we will be able to communicate freely going > forward. > > <http://c.mailfrontier.net/XXXXXXXXXXXXXXXXXXXXXXXXXXXXXX> This presumes that I am a) on a TCP/IP network b) not behind a firewall which blocks HTTP c) on a computer with a web browser d) willing to start up a web browser just to have my mail delivered e) using a web browser that works with their site -- any bets on a text-only cookie-rejecting Javascript-disabled browser? f) willing to verify for mailfrontier.net, a third party, that this is a known-working mail address g) not blocking mail from the third party (as opposed to the person I was sending mail to) h) willing to do this jump-through-the-hoop exercise (with individual variations, of course) every time I send mail to someone I *probably* could subvert this by forging Dave's address or the address from which IP is sent into the headers, but I'm not going to do that. Instead, I'm going to drop mailfrontier.net into the local blocklist, permanently, so that I am no longer asked to jump through hoops merely to send a mail message. The irony of all this is that a simple, low-cost anti-spam system built from open-source software and databases -- one which should already be in place on all competently-operated mail servers -- is capable of blocking upwards of 90% of spam with a false positive rate ranging tenths to hundredths of a percent AND simple mechanisms [which use mail themselves] for those accidently caught to report the problem and get it fixed. It works; it works efficiently; and it doesn't require that senders/recipients use anything other than the mail client that they are obviously already using. But *this* system has a 100% false-positive rate, until corrections are incrementally applied by correspondents. It thus shifts the work of achieving accurate results (low false positive and low false negative rates) to everyone BUT the vendor who's presumably the one being paid to perform the task of screening mail! Even so, application of thousands of corrections would still leave it with a 99.999% false positive rate -- which is ludicrous. ---Rsk
------------------------------------- You are subscribed as interesting-people () lists elistx com To manage your subscription, go to http://v2.listbox.com/member/?listname=ip Archives at: http://www.interesting-people.org/archives/interesting-people/
Current thread:
- Yet another badly-broken challenge-response mail system Dave Farber (Aug 01)