|
FastMail Forum All posts relating to FastMail.FM should go here: suggestions, comments, requests for help, complaints, technical issues etc. |
|
Thread Tools |
17 Oct 2004, 10:21 AM | #1 |
Cornerstone of the Community
Join Date: Sep 2004
Location: Calgary
Posts: 606
|
Challenge / Response
I use mailblocks (Challenge / Response) to deal with some of my older ISP e-mail accounts that receive more spam than I care to put up with.
I FM were to include a challenge response feature someday that would great. But only if it could be engaged under user definable conditions, perhaps even from within sieve. It would be one more asset and one more step for some of us towards having all our e-mail "under one roof", so to speak. Neil |
17 Oct 2004, 10:42 PM | #2 |
Ultimate Contributor
Join Date: Dec 2001
Location: Canada.
Posts: 10,355
|
Hi Neil: Personally I do not want to see fastmail employ a challenge response system. Fastmail have enough problems now, due to an overdeveloped feature set. This would be just one more thing to cause bugs and mail delays.
Anyone who receives lots of important mail, from customers or clients (or people in large organizations) likely would not support the development of this feature. |
18 Oct 2004, 06:21 AM | #3 | |
Member
Join Date: Nov 2003
Location: Wales
Posts: 69
|
Hi Neil,
I'm another who uses mailblocks for c/r and I get FM to pick them up from there. It's a feature that seems to get raised fairly regularly here (and even just about scrapes into the top 10 of Kander's features pole). Quote:
Gareth |
|
19 Oct 2004, 10:52 PM | #4 |
Senior Member
Join Date: Apr 2004
Posts: 156
|
I'd like to see this feature also. It would be gr8 in sieve..eg
if x-spam-score>5 THEN divert to C/R |
27 Oct 2004, 02:28 PM | #5 |
Essential Contributor
Join Date: Jul 2004
Location: Michigan
Posts: 307
|
It's probably easier and much more appropriate to have C/R a checkbox on each of your aliases. C/R depends more on where you are advertizing your address and not what kind of mail you are receiving.
|
1 Nov 2004, 12:20 PM | #6 | |
Senior Member
Join Date: Apr 2004
Posts: 156
|
Quote:
|
|
1 Nov 2004, 01:14 PM | #7 | |
Ultimate Contributor
Join Date: Dec 2001
Location: Canada.
Posts: 10,355
|
Quote:
C/R systems would put an end to "mailing lists" as we know them today (if adopted as a standard) as many of them authenticate mail using the "from line" address, which is (in most cases) forged. C/R systems will only force spammer's to become more inventive. As they seek out new ways and think up new ideas to crack "whitelists" they will further increase their efforts, And puke out even greater amounts of spam.... resulting in longer delays, as the existing (plugged up) pipelines become even more congested. You don't protect yourself against the bad guy by putting yourself in jail... |
|
2 Nov 2004, 01:07 AM | #8 |
Master of the @
Join Date: Oct 2003
Location: Greenbelt, MD (USA)
Posts: 1,278
|
Just to throw some other (potentially interesting) stuff into the mix: in this thread JeffK came up with an interesting idea of creating a C/R system. The thread also generated some interesting discussion on the pros/cons of such a system.
|
2 Nov 2004, 03:45 AM | #9 |
Moderator
Join Date: Feb 2002
Location: Kingaroy, AU
Posts: 3,179
|
I am intersted in this conversation again. I was recently the "victim" of literally thousands of C/R and "I'm not here" responses from a rolling joe-job performed using my daughter's fastmail address. To the extent where I had to close the address down.
It made me think about whether I am contributing to the problem by having some C/R in my email setup and whether I should change that aspect. Jeff |
8 Jan 2006, 02:33 AM | #10 |
Junior Member
Join Date: Sep 2004
Posts: 16
|
From what I've seen so far C/R is by far the most complete defense against spam email. To avoid problems with your clients it's up to you to put people you don't want challenged on your whitelist. Joejob attacks can happen wether you're using C/R or not.
|
8 Jan 2006, 02:20 PM | #11 |
Intergalactic Postmaster
Join Date: May 2004
Location: Irving, Texas
Posts: 8,930
|
In my opinion, challenge/response systems have the same problem as bouncing spam -- the C/R system causes any message with an incorrect reply-to address (such as spam) to be resent to an unsuspecting victim.
For example, I get a lot of challenge responses sent to my personal domain which were caused by spam sent to others using C/R systems. If I also had a C/R system, I might be generating a challenge to the unsuspecting victims of the original spam mail. Their C/R system would then send me a challenge. If my C/R system was properly keeping track of these messages (including the use of aliases), then it might stop there. But it's filling up a lot of victim Inboxes from one spam! So I don't support using challenge/response. I just delete any such challenges which I receive. None of my normal personal or business contacts uses C/R. |
8 Jan 2006, 02:50 PM | #12 |
Junior Member
Join Date: Sep 2004
Posts: 16
|
I think most spam don't have a valid reply addresses. Your scenario is certainly plausible but I haven't experienced it. More and more of my clients are starting to use C/R desktop applications or C/R mail services such as SpamArrest and are reducing their flood of spam to almost nothing. I have yet to hear one of them report the scenario you speak of.
|
9 Jan 2006, 05:37 AM | #13 | |
The "e" in e-mail
Join Date: Oct 2002
Location: Holon, Israel.
Posts: 4,863
|
Quote:
|
|
9 Jan 2006, 06:22 AM | #14 |
Junior Member
Join Date: Sep 2004
Posts: 16
|
only if they are the subject of a joejob attack, eh? otherwise the challenge goes out into the ether.
|