Challenge/Response systems considered harmful?
cfortune at telus.net
Thu Mar 18 20:13:54 EST 2004
You are not differentiating between well written c/r systems and poorly written ones. A well written c/r system would never
challenge an email from this list because it has a Precedence: Bulk header. One example doesn't make the rule. All horses are not
alike. Of course how are you to know that a challenge is from one or the other? But again, how are you to know that your email
will make it past a badly written/trained Bayesian classifier? The only difference is that c/r has outward signs, and a badly
written Bayesian classifier simply nukes your mail silently.
Also, your list of reasonable responses is incomplete:
4. respond to the challenge because you did send an email to that recipient, and you know that your message will receive their
attention and not be lost in their inbox amongst hundreds of spam emails. It won't be misclassified.
In my own anti-spam system, I use challenge/response as a 'last resort' when all other filters fail, and I think that is a Good
Idea(TM). I use the authenticated emails to train bogofilter as to what is 'good' email, and this works very well. C/R is a good
technique to use in order to train your Bayesian filter. As the filter becomes trained, then the incidence of c/r reduces
significantly. It plays a very useful part in classifying hard-to-classify emails.
----- Original Message -----
From: "Vernon Schryver" <vjs at calcite.rhyolite.com>
To: <dcc at calcite.rhyolite.com>
Sent: Thursday, March 18, 2004 7:28 AM
Subject: Challenge/Response systems considered harmful
> Challenge/response systems are a Bad Idea(tm), as demonstrated by the
> appearance of the enclosed message in my mailbox for the preceding
> message to this mailing list.
> There are three reasonable responses to such a challenge:
> 1. ignore it
> which causes mail to be lost
> 2. respond to it
> which causes people to get spam, when what is being challenged is
> spam with forged sender addresses.
> 3. notice what it is, unsolicited, unwanted, and substantially identical
> to many other messages or unsolicited bulk mail or spam. That implies
> reporting it to an abuse mailbox or blacklisting the sender.
> I've used only #1 and #3 so far. For example, yesterday I received
> a message that was either advertising for a challenge/response system
> or a challenge for spam with my address forged as sender, so I used #3.
> Like many people, I will never respond to a challenge for any mail I sent,
> and I feel somewhat uncomfortable about using #2 for forged spam.
> I will use #1 in this case. However, future challenges of mail from any
> of the DCC mailing lists that reach my mailbox will provoke a silent and
> permanent unsubscribing from the mailing list and a nomination for
> an entry in the Rhyolite Software list of unwelcome domain names.
> Vernon Schryver vjs at rhyolite.com
> > From dcc-admin at rhyolite.com Wed Mar 17 22:59:01 2004
> > Date: 18 Mar 2004 05:51:45 -0000
> > Message-ID: <confirm-a5a9bec4-789d-11d8-94cf-000a95da9cb4 at email@example.com>
> > From: "Qwest Email Server mail-handler" <iqbala-qconfirm-f6d859b58f91a66a7f52041ec1b8809a at qwestip.net>
> > To: dcc-admin at rhyolite.com
> > Subject: Please confirm your message
> > Hi. This is the Qwest Email Server mail-handling program. One or more messages
> > from you are being held because your address was not recognized.
> > To release your pending message(s) for delivery, please reply to this
> > request. Your reply will not be read, so an empty message is fine.
> > If you do not reply to this request, your message(s) will eventually be
> > returned to you, and will never be delivered to the envelope recipient.
> > This confirmation verifies that your message(s) are legitimate and not
> > junk-mail.
> > Regards,
> > Qwest Email Server (qmail.qwestip.net)
> > --- Below this line is the top of a message from you.
> > Received: (qmail 18145 invoked by uid 7801); 18 Mar 2004 05:51:45 -0000
> > Received: from dcc-admin at rhyolite.com by qmail by uid 7791 with qmail-scanner-1.20
> > (spamassassin: 2.63. Clear:RC:0(18.104.22.168):SA:0(0.0/5.0):.
> > Processed in 2.778093 secs); 18 Mar 2004 05:51:45 -0000
> > X-Spam-Status: No, hits=0.0 required=5.0
> > Received: from calcite.rhyolite.com ([22.214.171.124]) (envelope-sender <dcc-admin at rhyolite.com>)
> > by qmail.qwestip.net (qmail-ldap-1.03) with SMTP
> > for <iqbala at qwestip.net>; 18 Mar 2004 05:51:41 -0000
> > Received: from calcite.rhyolite.com (localhost [127.0.0.1])
> > by calcite.rhyolite.com (8.12.11/8.12.11) with ESMTP id i2I5iuaf078879 env-from <dcc-admin at rhyolite.com>;
> > Wed, 17 Mar 2004 22:44:56 -0700 (MST)
> > Received: from bne438d.server-web.com (bne438d.server-web.com [126.96.36.199])
> > by calcite.rhyolite.com (8.12.11/8.12.11) with ESMTP id i2I5dLje078808
> > for <dcc at rhyolite.com> env-from <bernard.gardner at messagecare.com>;
> > Wed, 17 Mar 2004 22:39:22 -0700 (MST)
> > Received: from [192.168.0.57] ([188.8.131.52])
> > by bne438d.server-web.com (8.11.6/8.11.6) with ESMTP id i2I5WW825266
> > for <dcc at rhyolite.com>; Thu, 18 Mar 2004 15:32:33 +1000
> > Mime-Version: 1.0 (Apple Message framework v613)
> > Content-Transfer-Encoding: 7bit
> > Message-Id: <A5A9BEC4-789D-11D8-94CF-000A95DA9CB4 at messagecare.com>
> > Content-Type: text/plain; charset=US-ASCII; format=flowed
> > To: dcc at rhyolite.com
> > ...
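The reply above says a well-written C/R system would never challenge list mail carrying a Precedence: Bulk header. The following is an added example, not part of either message and not code from any C/R product, of the check a C/R filter could run before issuing a challenge. The header list, the role-address patterns and the sample messages are assumptions constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

BULK_PRECEDENCE = {"bulk", "list", "junk"}
LIST_HEADERS = ("List-Id", "List-Unsubscribe", "List-Post", "Mailing-List")
# Local-part shapes typical of list managers and bounce handlers (assumed set).
ROLE_PREFIXES = ("owner-", "mailer-daemon", "postmaster")
ROLE_SUFFIXES = ("-admin", "-request", "-owner", "-bounces")


def challenge_suppression_reason(raw_message, envelope_sender):
    """Return why no challenge should be sent, or None if one may be sent."""
    msg = message_from_string(raw_message)
    # A null envelope sender marks a bounce; answering it creates mail loops.
    if envelope_sender.strip() in ("", "<>"):
        return "null envelope sender"
    local = parseaddr(envelope_sender)[1].rsplit("@", 1)[0].lower()
    if local.startswith(ROLE_PREFIXES) or local.endswith(ROLE_SUFFIXES):
        return "role/list envelope sender"
    precedence = (msg.get("Precedence") or "").strip().lower()
    if precedence in BULK_PRECEDENCE:
        return "Precedence: " + precedence
    for name in LIST_HEADERS:
        if msg.get(name):
            return name + " header present"
    # RFC 3834: any value other than "no" marks machine-generated mail.
    auto = (msg.get("Auto-Submitted") or "no").split(";")[0].strip().lower()
    if auto != "no":
        return "Auto-Submitted: " + auto
    return None


# Constructed sample messages (not taken from the thread).
LIST_MAIL = (
    "From: poster@example.com\n"
    "To: dcc@lists.example.org\n"
    "Precedence: bulk\n"
    "Subject: list traffic\n"
    "\n"
    "body\n"
)
PERSONAL_MAIL = "From: alice@example.com\nTo: bob@example.net\nSubject: hi\n\nbody\n"
AUTO_REPLY = PERSONAL_MAIL.replace("Subject:", "Auto-Submitted: auto-replied\nSubject:")

if __name__ == "__main__":
    print(challenge_suppression_reason(LIST_MAIL, "dcc-admin@lists.example.org"))
    print(challenge_suppression_reason(PERSONAL_MAIL, "alice@example.com"))
```

A message that returns None here is the only kind that would reach the 'last resort' challenge step described in the reply; everything else is left to the other filters.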