[TriLUG] Another seal broken... thinking of installing a C/R anti-spam system

Sat Jan 27 15:53:43 EST 2007

Why not use CSS to have an email field on a web form that _people_
can't see but bots can. If you get mail from that form with the email
filled in, you know you have a bot and can discard it. Can't remember
where I saw this idea, otherwise I'd link to it.

Might work as a stop-gap.

-CMP

On 1/27/07, jonc at nc.rr.com <jonc at nc.rr.com> wrote:
> Yep. I read that while doing my research on Challenge/Response systems.
> The basic arguement against doing a C/R response is that you respond to
> the forged From and thus add to the problem of spam. Thus my comment on
> one of the seals of doom being broken... :-)
>
> The problem here, is that we have to work with a broken environment for
> smtp that folks refuse to  help fix. I hate to do C/R, but it would
> solve *our* particular problem.
>
> We need for all SMTP to be authenticated and only accepted from the
> authoritative source of that domain. That would effectively cripple
> Spammers. It's not like we allow folks to POP email as a user without
> using a password! Why should we let people drop off email without the
> same protection. Alas, that would mean that folks who make email clients
> would have to adapt them to using auth-smtp. Something so logical seems
> to be beyond the capabilities of Microsoft.
>
> Jon
>
> ----- Original Message -----
> From: Jason Faulkner <jason at oldos.org>
> Date: Saturday, January 27, 2007 11:53 am
> Subject: Re: [TriLUG] Another seal broken... thinking of installing a
> C/R anti-spam system
> To: Triangle Linux Users Group discussion list <trilug at trilug.org>
>
> > C/R systems cause backscatter. Backscatter is considered spam by a lot
> > of people/organizations:
> > http://linuxmafia.com/faq/Mail/challenge-response.html
> >
> > On 1/27/07, jonc at nc.rr.com <jonc at nc.rr.com> wrote:
> > > Yes, another seal standing between man and the end of the world is
> > > breaking.  I am looking at installing a Challenge/Response system
> > for> some of my company's email addresses.
> > >
> > > We already do various filtering, etc... but the volume of spam still
> > > leaking through is about 40/day (about 20% - we are heavily weighted
> > > towards no false negatives), and we only see about 3 real emails
> > a week
> > > for these addresses.
> > >
> > > The legit folks who send email to these addresses are generally
> > low-tech
> > > folks (definitely no geeks). So I don't think a C/R system would
> > offend> them in any way.  Also, I'm thinking of disquising the C/R
> > system as a
> > > web-based request for more info on the mail they sent in.
> > >
> > > The auto-reponse email would have a copy of the original
> > mail/header and
> > > would link back to a web form that puts their original email into
> > the> form and askes them to click some buttons to direct the
> > request to the
> > > proper department :-), plus fill in the proper contact info.
> > >
> > > Of course if they are already in our system, they don't get the C/R
> > > notice. The mail just comes through.
> > >
> > > Jon
> > > --
> > > TriLUG mailing list        :
> > http://www.trilug.org/mailman/listinfo/trilug> TriLUG
> > Organizational FAQ  : http://trilug.org/faq/
> > > TriLUG Member Services FAQ : http://members.trilug.org/services_faq/
> > >
> >
> >
> > --
> > Jason Faulkner
> > http://oldos.org
> > --
> > TriLUG mailing list        :
> > http://www.trilug.org/mailman/listinfo/trilugTriLUG Organizational
> > FAQ  : http://trilug.org/faq/
> > TriLUG Member Services FAQ : http://members.trilug.org/services_faq/
> >
> --
> TriLUG mailing list        : http://www.trilug.org/mailman/listinfo/trilug
> TriLUG Organizational FAQ  : http://trilug.org/faq/
> TriLUG Member Services FAQ : http://members.trilug.org/services_faq/
>

-- 
Cristóbal M. Palmer
UNC-CH SILS Student -- ils.unc.edu/~cmpalmer
TriLUG Vice Chair
"There are many roads to enlightenment, and thus many roads back to
the One True Debian" --crimsun