[linux-elitists] ELNK Spam/Joe-Job confirmation request: [email@example.com: Re: trombone]
Karsten M. Self
Fri Oct 10 18:10:00 PDT 2003
I've received the following confirmation request from Earthlink's spam
blocker challenge-response system. It appears to be directed to me
based on a spoofed 'From:' sender on an item of spam.
I've previously discussed this very issue with Mary Youngblood, manager
of Earthlink's abuse department. Specifically: challenge-response
systems used as a primary "pure-play" spam defense results in spam and
Joe-job attacks by the C-R system itself.
At its simplest: C-R systems generate a large number of bogus
challenges (this is a design intent and fundamanetal assumption -- the
belief being that these will not be answered). If these go to
legitimate addresses, people will quickly adapt to treating these as the
spam that they are, not respond to them, and invalidate the *other*
premise of C-R: that your _legitimate_ senders will respond to your
challenges. Because most C-R is spam, _most_ will be treated this way.
There's an interesting economic basis for this in George Akerlof's "The
Market for Lemons", referring to used car sales.
Already this year, spoof, bogus, or unnecessary challenges received by
me outnumber legitimate ones better than two to one. This is with C-R
being used by a very small fraction of persons online.
If Earthlink is to implement a C-R system, it *MUST* place virus and
spam filters *in front* of the C-R system, to prevent sending of
challenges to mail reasonably believed to be illegitimate. There are
may economical solutions whose accuracy, efficacy, and performance
profiles are suitable for use. Failure to do so will result in
Earthlink's challenges being reported as spam, and a breakdown in the
actual utility of any C-R system.
I am also specifically requesting that my email address be added to an
Earthlink-wide DO NOT MAIL list associated with Earthlink's C-R system.
Please forward this message to Ms. Youngblood.
----- Forwarded message from firstname.lastname@example.org -----
Received: from popd.ix.netcom.com [18.104.22.168]
by localhost with POP3 (fetchmail-6.2.4)
for karsten@localhost (single-drop); Thu, 09 Oct 2003 17:54:21 +0100 (BST)
Received: from flicker.mail.pas.earthlink.net ([22.214.171.124])
by killdeer (EarthLink SMTP Server) with ESMTP id 1a7DZX1gX3NZFlr0
for <email@example.com>; Thu, 9 Oct 2003 09:50:45 -0700 (PDT)
Received: from penguin-120.pocket ([10.4.120.134] helo=penguin)
by flicker.mail.pas.earthlink.net with smtp (Exim 3.33 #1)
for firstname.lastname@example.org; Thu, 09 Oct 2003 09:50:36 -0700
Subject: Re: trombone
Content-Type: multipart/alternative; boundary="SPMB1065718234a42b4714f99c4390332e096f7e0a571e"
Date: Thu, 09 Oct 2003 09:50:36 -0700
X-Spam-Checker-Version: SpamAssassin 2.60 (1.212-2003-09-23-exp) on
X-Spam-Status: No, hits=1.7 required=5.0 tests=BAYES_56,CLICK_BELOW,
This is an automatic reply to your email message to email@example.com
This email address is protected by EarthLink spamBlocker. Your
email message has been redirected to a "suspect email" folder for
firstname.lastname@example.org. In order for your message to be
moved to this recipient's Inbox, he or she must add your email
address to a list of allowed senders.
Click the link below to request that email@example.com add you to this list.
----- End forwarded message -----
Karsten M. Self <firstname.lastname@example.org> http://kmself.home.netcom.com/
What Part of "Gestalt" don't you understand?
Reject EU Software Patents! http://swpat.ffii.org/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 189 bytes
Desc: Digital signature
Url : http://allium.zgp.org/pipermail/linux-elitists/attachments/20031011/cc3f03ad/attachment.pgp
More information about the linux-elitists