im thinking about moving our server to a challenge/response system. anyone ever deploy one of these? how effective are they?
SPAM prevention: Challenge/Response?
- Thread starter groovin
- Start date
groovin, there are two significant problem with C/R systems. First off, most spam now has forged From addresses, often taken from the same spam list as the To addresses. So if a spammer has your address to send you spam, somebody else is getting spam with your address as the claimed sender - and if they use C/R, you now get spammed with the challenge messages. So in fact now you just doubled the volume of junk email. Second, a lot of users are confused or annoyed by the challenges and will not respond to them. You can miss out on legitimate communication because of them.
That all said, I think C/R has some value and actually do use it myself. The trick is that I use SpamAssassin with its Bayesian learner as a classifier, and identified "spam" gets fed to TMDA for a challenge. This means that most legitimate folks who email me get right through, and mail that gets identified as spam gets a chance at coming back to life instead of being dropped in the void or requiring my time to sort through it. I will not claim that this scheme is perfect - for example it has the forged sender problem. However, so far, this scheme has served me very well, much more so than schemes that I have used before. I get about 300-400 spam messages a day to my main email account, and maybe 5 get through, and to my knowledge no human sent email has ever gotten lost (owing to the C/R providing a way for a human to rescue a false positive).
There are a lot of huge differences of opinion in anti-spam circles because all anti-spam schemes are trade-offs. Therefore, you should never take anyone's opinion - mine included - on an anti-spam solution as being the one and final truth.
That all said, I think C/R has some value and actually do use it myself. The trick is that I use SpamAssassin with its Bayesian learner as a classifier, and identified "spam" gets fed to TMDA for a challenge. This means that most legitimate folks who email me get right through, and mail that gets identified as spam gets a chance at coming back to life instead of being dropped in the void or requiring my time to sort through it. I will not claim that this scheme is perfect - for example it has the forged sender problem. However, so far, this scheme has served me very well, much more so than schemes that I have used before. I get about 300-400 spam messages a day to my main email account, and maybe 5 get through, and to my knowledge no human sent email has ever gotten lost (owing to the C/R providing a way for a human to rescue a false positive).
There are a lot of huge differences of opinion in anti-spam circles because all anti-spam schemes are trade-offs. Therefore, you should never take anyone's opinion - mine included - on an anti-spam solution as being the one and final truth.
thanks for the input cmetz,
TMDA looks like a good option to me so far since I use qmail. forged source addresses?? damn... id hate to create even more junk traffic on the net, but since my server isnt very big, i think the internet will survive a few dozen c/r's per day. youre right, trade offs...
TMDA looks like a good option to me so far since I use qmail. forged source addresses?? damn... id hate to create even more junk traffic on the net, but since my server isnt very big, i think the internet will survive a few dozen c/r's per day. youre right, trade offs...
Personally, I like the idea of a clearing house that you have to agree to pay a small amount for every email message. The receiver has the option to decline to charge you if it's email that's welcome, but any spam would be charged. This would stop cold any mass emailing, even a penny or two per message would make it financially a loser. You'd subscribe to the service and all the email would be routed through the service.
TRENDING THREADS
-
Discussion Zen 5 Speculation (EPYC Turin and Strix Point/Granite Ridge - Ryzen 9000)- Started by DisEnchantment
- Replies: 25K
-
Discussion Intel Meteor, Arrow, Lunar & Panther Lakes Discussion Threads
- Started by Tigerick
- Replies: 21K
-
Discussion Intel current and future Lakes & Rapids thread- Started by TheF34RChannel
- Replies: 23K
-
-
Facebook
Twitter