Re: [Asrg] C/R Thoughts: Take 1

"Eric S. Johansson" <esj@harvee.org> Wed, 14 May 2003 12:08 UTC

Yakov Shafranovich wrote:
> As I mentioned before what we are trying to figure out is the intent of 
> C/R systems. We are aware that an automatic protocol can create a hole 
> for spammers but at least the spammers must have a valid return address. 
> The question remains: are C/R systems intended to verify that the 
> message arrived from a valid email address or are they intended to make 
> sure the sender is human?

Fair enough.  Obviously, I am coming into the middle of the conversation and am 
trying to catch up.

I would argue that any form[1] of a challenge/response system is trying to 
determine that the e-mail address is valid.  It is unimportant and irrelevant as 
to whether or not the sender was human.  Any notification system (invoice from 
sales, billing etc.) is not sent by a human and will not have a usable return address.

A long-winded example of this was pointed out to me by a potential customer. 
They were a financial house and they got notice of transaction completions by 
e-mail from automated systems.  They could not enumerate all of the systems they 
get e-mail from so white lists were out of the question.  They themselves were 
unwilling to provide a real address for bounces from their own automated system 
because they would not dedicate the personnel to sit there and handle all of the 
messages[2].  For them, challenge response without automated handling was 
completely unacceptable.

So, I'll argue for a system that will allow automated systems to talk to each 
other by e-mail without any human interaction.

---eric

[1] In their best forms, stamp and challenge/response systems are functionally 
identical.  A stamp can be thought of as a generated answer to an anticipated 
question/challenge.

[2] On the other hand, they could justify spending a couple of salaries on 
rooting through the spamtrap because they had once lost 1.5 million dollars on a 
message that was stuck in the spamtrap for about an hour.  If you ever want to 
know why about something, follow the money.
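Footnote [1] above describes a stamp as a generated answer to an anticipated challenge. The sketch below is an added example, not code from the post or from any system it mentions: a receiver that runs the same check on a stamp attached up front and on a response sent after a challenge, so automated senders get through without a human. The proof-of-work check (SHA-256, 12 leading zero bits), the stamp layout and every name in it are assumptions made for illustration.

```python
import hashlib
import secrets

BITS = 12  # assumed work factor, small so the example runs instantly


def challenge_for(recipient, date):
    # The receiver's question uses only public values, so a sender can
    # anticipate it instead of waiting for a challenge message.
    return f"{date}:{recipient}"


def verify(challenge, response, bits=BITS):
    digest = hashlib.sha256(f"{challenge}:{response}".encode()).digest()
    zeros = len(digest) * 8 - int.from_bytes(digest, "big").bit_length()
    return zeros >= bits


def answer(challenge, bits=BITS):
    # Sender side: search for a response the receiver's check will accept.
    while True:
        response = secrets.token_hex(8)
        if verify(challenge, response, bits):
            return response


def stamp_for(recipient, date):
    # A stamp is the anticipated challenge plus its answer, sent up front.
    challenge = challenge_for(recipient, date)
    return f"{challenge}:{answer(challenge)}"


class Receiver:
    def __init__(self, address, today):
        self.address, self.today = address, today
        self.spent = set()  # stamps already accepted, to refuse replays
        self.held = {}      # message id -> body, waiting for a response

    def accept(self, msg_id, body, stamp=None):
        expected = challenge_for(self.address, self.today)
        if stamp and stamp not in self.spent:
            challenge, _, response = stamp.rpartition(":")
            if challenge == expected and verify(challenge, response):
                self.spent.add(stamp)
                return "delivered"      # no round trip, no human involved
        self.held[msg_id] = body
        return "challenge:" + expected  # classic challenge/response path

    def respond(self, msg_id, response):
        expected = challenge_for(self.address, self.today)
        if msg_id in self.held and verify(expected, response):
            del self.held[msg_id]
            return "delivered"
        return "rejected"
```

Both paths end in the same `verify` call; the only difference is whether the sender computed the answer before or after being asked.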