[SLL] [SLL} Re: Anti-spam methods
Glenn Stone
technoshaman at liawol.org
Sun Jul 29 15:09:39 PDT 2007
On Sat, Jul 28, 2007 at 05:06:58PM -0400, Nicholas Bodley wrote:
>
>Fwiw, I just answered a challenge message sent as part of a routine online
>business matter. The company didn't recognize my e-ddress, and provided a
>link in its message body. Went there, and found a neat, concise window
>that asked me to visually copy a number (not OCR obfuscated, either) to
>authenticate my reply. Worked very nicely, so I thought I'd pass on the
>company name.
Challenge-response kinds of anti-spam don't work very well in corner cases.
Consider the case of two people attempting to exchange email, each of which
has one of these critters configured. The first sender elicits a challenge,
which runs into his own challenge-response mechanism... *boom*. Or, even
simpler, the case of "I need help, I'm getting on an airplane and I need an
answer by the time I land..."
Bad juju.
On the other hand, I have found greylisting, which is almost but not quite a
challenge-response mechanism which is *built into SMTP*, to be quite
effective. Most well-behaved MTA software will retry just after the
greylist timeout, or, if not, within an hour... some of it goes to my backup
MX, whose greylister is far more experienced with which domains are and are
not spam than mine is... and a heck of a lot of spam bounces off it on the
first try and never comes back.
There is the oddball spam engine that actually knows proper retry protocol
(or simply hijacks someone else's MTA that does)... and those will often get
all the way through... but the odds of something doing that are on the order
of 1 in 20... which is really not all that bad considering I'm doing zero
content filtering.
-- Glenn
More information about the linux-list
mailing list