[NTLUG:Discuss] Postfix Spam Blocking

Brian brian-keyword-ntlug.8c595f at pongonova.net
Sat Feb 5 16:56:50 CST 2005 

On Sat, Feb 05, 2005 at 03:45:38PM -0600, Kevin Brannen wrote:
> I'm curious what people think about challenge/response (C/R) for spam 
> control.  

I used TMDA C/R for about a year.  What I discovered, during that year's
time, is that:

(1) some people I wanted to correspond with were indignant that I was
demanding that they respond to a challenge before they would be
"accepted" by me as a non-spammer.

(2) a good number of people I wanted to correspond with simply didn't
respond to the challenge, either because they didn't understand what
was being asked of them, or they've become so suspicious of e-mails
asking them to do something that they chose not to respond for
security reasons.

It would be easy for me to dismiss these individuals as simply being
in the wrong (in the case of the indignant ones) or being so stupid as
to not being able to read and comprehend simple instructions.  But the
more I thought about it, the more I began to realize that people are
being bombarded with what not to do when they receive e-mail:  Don't
open this, don't click that, don't respond to those, don't don't
DON'T. I take it very much for granted that I have a high probability
of being able to sort the bad e-mail from the good,  but (I asked
myself) is it right to assume the same level of comprehension as
others who aren't as tech-savvy?

One of the courses I teach at my job at a local community college is
computer literacy.  I am simply amazed at the level of ignorance in
these students when it comes to issues involving e-mail, the Internet,
malicious payloads, etc.  I have spoken before enough students to
realize that a good many of them *would not be able to comprehend,
much less follow through, with a TMDA-generated e-mail challenge*!

I've since re-evaluated my position on C/R, and no longer use it.  I
don't want people to have to go through the double-fisted super-duper
secret handshake to correspond with me.  And I can can empathize with
those who don't want to engage in the same activity.  This isn't a
religious thing with me:  I might think about it some more, and decide
that maybe C/R is the way to go.  But as of this moment, I've decided
not to use it.

So you could say that I've based my decision not to use C/R on quite a
bit of empirical evidence that isn't usually available to those that
don't actively teach or come in contact with non-techie types.  It's
hardly scientific, largely anecdotal, but I'm convinced that C/R has a
long way to go before it's universally accepted.

  --Brian


 


I can see it being fairly successful, but I can also see it 
> cutting down or eliminating real email from people you don't hear from 
> often enough to have whitelisted.  What are the thoughts of people on 
> this subject?
> 
> I'm asking because I've decided to start ignoring C/R types email 
> totally, and I'd like to know if I'm going down a wrong road because C/R 
> is the wave of the future (I don't think so but I am asking because I 
> could be mistaken).  I understand people use it for spam control, but it 
> so inconveniences me, I've decided that they probably didn't really want 
> my email to begin with.
> 
> Nothing against the person who wrote the snippet I quoted, or anyone 
> else here for that matter; but reading that reminded me of my question. :-)
> 
> Kevin
> 
> _______________________________________________
> https://ntlug.org/mailman/listinfo/discuss

More information about the Discuss mailing list