Thu Mar 18 15:28:11 UTC 2004
Challenge/response systems are a Bad Idea(tm), as demonstrated by the appearance of the enclose message in my mailbox for the preceding message to this mailing list. There are three reasonable responses to a such challenge: 1. ignore it which causes mail to be lost 2. respond to it which causes people to get spam, when what is being challenged is spam with forged sender addresses. 3. notice what it is, unsolicited, unwanted, and substantially identical to many other messages or unsolicitd bulk mail or spam. That implies reporting it to an abuse mailbox or blacklisting the sender. I've used all only #1 and #3 so far. For example, yesterday I received a message that was either advertising for a challenge/response system or a challenge for spam with my address forged as sender, so I used #3. Like many people, I will never respond to a challenge any mail I sent, and I feel somewhat uncomfortable about using #2 for forged spam. I will use #1 in this case. However, future challenges of mail from any of the DCC mailing lists that reach my mailbox will provoke a silent and permanent unsubscribing from the mailing list and a nomination for an entry in the Rhyolite Software list of unwelcome domain names. Vernon Schryver firstname.lastname@example.org > From email@example.com Wed Mar 17 22:59:01 2004 > Date: 18 Mar 2004 05:51:45 -0000 > Message-ID: <firstname.lastname@example.org@qwestip.net> > From: "Qwest Email Server mail-handler" <email@example.com> > To: firstname.lastname@example.org > Subject: Please confirm your message > > Hi. This is the Qwest Email Server mail-handling program. One or more messages > from you are being held because your address was not recognized. > > To release your pending message(s) for delivery, please reply to this > request. Your reply will not be read, so an empty message is fine. > > If you do not reply to this request, your message(s) will eventually be > returned to you, and will never be delivered to the envelope recipient. > > This confirmation verifies that your message(s) are legitimate and not > junk-mail. > > Regards, > > Qwest Email Server (qmail.qwestip.net) > > --- Below this line is the top of a message from you. > > Received: (qmail 18145 invoked by uid 7801); 18 Mar 2004 05:51:45 -0000 > Received: from email@example.com by qmail by uid 7791 with qmail-scanner-1.20 > (spamassassin: 2.63. Clear:RC:0(18.104.22.168):SA:0(0.0/5.0):. > Processed in 2.778093 secs); 18 Mar 2004 05:51:45 -0000 > X-Spam-Status: No, hits=0.0 required=5.0 > Received: from calcite.rhyolite.com ([22.214.171.124]) (envelope-sender <firstname.lastname@example.org>) > by qmail.qwestip.net (qmail-ldap-1.03) with SMTP > for <email@example.com>; 18 Mar 2004 05:51:41 -0000 > Received: from calcite.rhyolite.com (localhost [127.0.0.1]) > by calcite.rhyolite.com (8.12.11/8.12.11) with ESMTP id i2I5iuaf078879 env-from <firstname.lastname@example.org>; > Wed, 17 Mar 2004 22:44:56 -0700 (MST) > Received: from bne438d.server-web.com (bne438d.server-web.com [126.96.36.199]) > by calcite.rhyolite.com (8.12.11/8.12.11) with ESMTP id i2I5dLje078808 > for <email@example.com> env-from <firstname.lastname@example.org>; > Wed, 17 Mar 2004 22:39:22 -0700 (MST) > Received: from [192.168.0.57] ([188.8.131.52]) > by bne438d.server-web.com (8.11.6/8.11.6) with ESMTP id i2I5WW825266 > for <email@example.com>; Thu, 18 Mar 2004 15:32:33 +1000 > Mime-Version: 1.0 (Apple Message framework v613) > Content-Transfer-Encoding: 7bit > Message-Id: <A5A9BEC4-789D-11D8-94CF-000A95DA9CB4@messagecare.com> > Content-Type: text/plain; charset=US-ASCII; format=flowed > To: firstname.lastname@example.org > ...
More information about the DCC