
Re: [Asrg] A CAPTCHA that automatically detects and neutralizes attacks.



>> The filter I was describing was not meant to apply to every form of
>> automated or mass emailing.  It specifically applied to challenges
>> sent in response to an email that had just been sent.
> So if someone forgot to whitelist this mailing list, then I'd get a
> challenge from his mailer.

Well, if it's competently done, the listowner would get a challenge.
As you point out

> (Ever posted to bugtraq and seen the number of idiots with broken
> vacation programs subscribed there?)

"competently done" is rarer than it ought to be in such fields.  I've
actually started using a black-hole address in the headers when posting
to bugtraq because of exactly that effect.  I may drop bugtraq soon,
though, because (1) the broken-autoresponder problem is so annoying,
(2) their sending mailer is severely broken in another way (it retries
5xx-rejected messages) and they don't seem to care, or at least haven't
fixed it despite my doing my best to point it out at least twice, and
(3) I haven't found myself doing anything but glance-and-delete with
bugtraq mail in a while.

Okay, rant over. :-/

> So you are claiming "It's OK to send challenges to bogus mail because
> there's a way for the victim (recipient) to filter them out"?  How
> does that differ from a spammer claiming "I put ADV: at the beginning
> of my Subject headers so it's easy to filter them out if you don't
> want them"?  Spam is spam, and if you auto-send email in response to
> forged messages, you're spamming.

Ah, but *my* mail is okay, because I'm not selling anything.  Um, I
mean, because it's just challenges, to keep my mailbox clean.  Er, that
is, because my heart's in the right place.  Rather, it's only a tiny
quantity of messages, only a few a day....

There seem to be a disturbing number of people who seem to actually
take some such stance.  I've had at least two go-rounds with people who
try to do unauthorized relaying through my mailserver and can't seem to
understand why I find *their* relay attempts just as abusive and
unacceptable as anyone else's.  (Most recently this was SORBS; before
that it was the clowns behind eu.net.)

Speaking of which, my "mail" spam-sink seems to be catching a low level
(maybe two a day) of what appear to be open-relay probes, and my other
defenses are seeing the occasional SMTP address-space scan attempt.
Perhaps spammers don't think open relays are as dead as common wisdom
thinks they are.

/~\ The ASCII				der Mouse
\ / Ribbon Campaign
 X  Against HTML	       mouse at rodents.montreal.qc.ca
/ \ Email!	     7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B

_______________________________________________
Asrg mailing list
Asrg at ietf.org
https://www1.ietf.org/mailman/listinfo/asrg