RE: [Asrg] Re: Brad Templeton's C/R Guidelines

"Eric Dean" <eric@purespeed.com> Thu, 29 May 2003 22:11 UTC

Received: from www1.ietf.org (ietf.org [132.151.1.19] (may be forged)) by ietf.org (8.9.1a/8.9.1a) with ESMTP id SAA23512 for <asrg-archive@odin.ietf.org>; Thu, 29 May 2003 18:11:45 -0400 (EDT)
Received: (from mailnull@localhost) by www1.ietf.org (8.11.6/8.11.6) id h4TMBKp27214 for asrg-archive@odin.ietf.org; Thu, 29 May 2003 18:11:20 -0400
Received: from ietf.org (odin.ietf.org [132.151.1.176]) by www1.ietf.org (8.11.6/8.11.6) with ESMTP id h4TMBKB27211 for <asrg-web-archive@optimus.ietf.org>; Thu, 29 May 2003 18:11:20 -0400
Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id SAA23448; Thu, 29 May 2003 18:11:14 -0400 (EDT)
Received: from ietf-mx ([132.151.6.1]) by ietf-mx with esmtp (Exim 4.12) id 19LVab-0003Jy-00; Thu, 29 May 2003 18:09:37 -0400
Received: from ietf.org ([132.151.1.19] helo=www1.ietf.org) by ietf-mx with esmtp (Exim 4.12) id 19LVaa-0003Jv-00; Thu, 29 May 2003 18:09:36 -0400
Received: from www1.ietf.org (localhost.localdomain [127.0.0.1]) by www1.ietf.org (8.11.6/8.11.6) with ESMTP id h4TMA5B27160; Thu, 29 May 2003 18:10:05 -0400
Received: from ietf.org (odin.ietf.org [132.151.1.176]) by www1.ietf.org (8.11.6/8.11.6) with ESMTP id h4TM9nB27124 for <asrg@optimus.ietf.org>; Thu, 29 May 2003 18:09:49 -0400
Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id SAA23290 for <asrg@ietf.org>; Thu, 29 May 2003 18:09:43 -0400 (EDT)
Received: from ietf-mx ([132.151.6.1]) by ietf-mx with esmtp (Exim 4.12) id 19LVZ8-0003J6-00 for asrg@ietf.org; Thu, 29 May 2003 18:08:06 -0400
Received: from ns2.tidalwave.net ([66.77.68.8] helo=mailgate.purespeed.com) by ietf-mx with esmtp (Exim 4.12) id 19LVZ7-0003If-00 for asrg@ietf.org; Thu, 29 May 2003 18:08:05 -0400
Received: from purespeed.com (mail.purespeed.com [66.77.69.8]) by mailgate.purespeed.com (Postfix Relay Hub) with ESMTP id 2F07C13A40; Thu, 29 May 2003 18:10:28 -0400 (EDT)
Received: from HOMEY [68.100.19.195] by purespeed.com (SMTPD32-7.13) id A465E1470050; Thu, 29 May 2003 18:06:29 -0400
From: Eric Dean <eric@purespeed.com>
To: "Jason R. Mastaler" <jason@mastaler.com>, asrg@ietf.org
Subject: RE: [Asrg] Re: Brad Templeton's C/R Guidelines
Message-ID: <MBEKIIAKLDHKMLNFJODBIEOJFFAA.eric@purespeed.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="US-ASCII"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0)
In-Reply-To: <m2d6i2n9tb.fsf@deacon-blues.mid.mastaler.com>
X-MIMEOLE: Produced By Microsoft MimeOLE V5.50.4133.2400
Importance: Normal
Content-Transfer-Encoding: 7bit
Sender: asrg-admin@ietf.org
Errors-To: asrg-admin@ietf.org
X-BeenThere: asrg@ietf.org
X-Mailman-Version: 2.0.12
Precedence: bulk
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/asrg>, <mailto:asrg-request@ietf.org?subject=unsubscribe>
List-Id: Anti-Spam Research Group - IRTF <asrg.ietf.org>
List-Post: <mailto:asrg@ietf.org>
List-Help: <mailto:asrg-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/asrg>, <mailto:asrg-request@ietf.org?subject=subscribe>
List-Archive: <https://www1.ietf.org/pipermail/asrg/>
Date: Thu, 29 May 2003 18:08:51 -0400
Content-Transfer-Encoding: 7bit
Content-Transfer-Encoding: 7bit

Not sure I agree with preserving the original recipient's email address for
the challenge sender.  It's not really nice when a mail server starts
spoofing people's addresses.  Also, we monitor the bounces of the challenges
to auto-block bogus senders.  If the bounce goes back to the original
recipient, then the server can't tell what message is a bounce vs. normal
email.  One could inspect deep down into the message, but that's a bit
annoying...and intrusive.

Using a "system" email address for the challenge is representative of
exactly what is going on.  A C/R system is challenging a sender.  If the
challenge message bounces, it's returned to the system address which can
readily process it.  Anyway, it's arguable and therefore optional.  I agree
that a sender will more readily respond to a challenge message from someone
he knows, however, I don't like what's really happening.  In addition, if
someone sends a message to 10 people behind a C/R system, are 10 messages
returned?  Which sender is returned?  If you use a system address, it's
simple.

Also, modifying the subject line by prepending a "Re:" or "Fwd:" is just
plain creepy.  If I send a message to someone and they reply..but with their
email address and Re:subject line..then I open the message to find something
else inside...I just don't like that...some do..and do so for valid
reasons...I don't.

> Yakov Shafranovich <research@solidmatrix.com> writes:
>
> > Here is a list of C/R guidelines compiled by Brad Templeton, who
> > wrote one of the early C/R systems (from
> > http://www.templetons.com/brad/spam/challengeresponse.html)

_______________________________________________
Asrg mailing list
Asrg@ietf.org
https://www1.ietf.org/mailman/listinfo/asrg