Re: forged bounces, was [Asrg] A CAPTCHA that automatically detects and neutralizes attacks.

[der Mouse <mouse at Rodents.Montreal.QC.CA>]

> What I've been referring to as bounces may more appropriately be called challenges.  Anyway, what I have been saying is that the challenge (which currently looks like an ordinary email) be standardized so that they can be universally recognized as a challenge.  I am proposing a filter that could recognize this challenge email.  The challenge email would contain the email address of the relevant email account in an easily parsable form so that the filter can make sure that the challenge is being received by the user who had just sent out the corresponding email.

Could you *please* not use huge single-line paragraphs?

To re-linebreak this and pick out the relevant part,

> Anyway, what I have been saying is that the challenge (which
> currently looks like an ordinary email) be standardized so that they
> can be universally recognized as a challenge.

Good luck.  We have yet to get even anything close to universal
adoption of the *existing* standard for bounces (see RFC 3462 - I
regularly get annoyed by blowback bounces not correctly formatted and
which thus aren't recognized as bounces by my software[%]).  I can't
see any reason to think that C/R challenges would fare any better.

/~\ The ASCII				der Mouse
\ / Ribbon Campaign
 X  Against HTML	       mouse at rodents.montreal.qc.ca
/ \ Email!	     7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B

_______________________________________________
Asrg mailing list
Asrg at ietf.org
https://www1.ietf.org/mailman/listinfo/asrg