I'm not the first to say this, and I won't be the last
Challenge-response systems suck
In the good old days, if someone wrote a worm for Windows that sends a mail to a third party address with an envelope faked as if I sent it then one of two things could happen:
Enter challenge response systems. This is the third message I have had asking to confirm the message that "I" sent:
Date: Thu, 03 Jul 2003 19:02:30 -0700
From: Xxxxxxx Xxxxxxxx
X-MB-Message-Source: MailblocksSystem
X-MB-Message-Type: ChallengeReminder
Subject: Re: Re: Movie [Reminder]
To: nick@flirble.org
Final Reminder:
You have sent email to my Mailblocks spam-free email service.
Because you have not yet confirmed yourself, your messages still
have not been delivered.
It's simple. To prove your message comes from a human and not a
computer, go to:
http://app2.mailblocks.com/confirm2.aspx?ckC=1GbpxGY3JXAkBBauNWQrZGasJXbiUGbuJ3unx2rcw**
Here is a list of the email messages you have sent that are in my
Pending folder waiting for your quick authentication:
Sent:             Deletion Time:    Subject:
----------------  ----------------  -----------------------------
Jun 26, 06:58 PM  Jul 10, 06:58 PM  Re: Movie
Please note if you have not confirmed by the deletion times shown
above, your messages will automatically be deleted.
-----
Email for Humans... Mailblocks
Try Mailblocks web-based personal email -- faster, cleaner interface, more
storage, bigger attachments, and 100% spam-free. http://about.mailblocks.com/?src=email7day
(c) 2003 Mailblocks Inc. All rights reserved.
Notice how I can't shut them up even if I want to - there is no link to click to say "forget it, this wasn't me". I've been quite tempted to click on that link to let the message through - after all, in the short term, I lose nothing by doing that, but gain silence. Maybe there is a good use for all these Windows worms - I hope that all these challenge-response store systems are suffocating under the weight of SOBIG and Klez, and we soon will be rid of them.
Re:There's only one way to deal with them...
sheriff_p on 2003-07-07T10:13:52
Which would be SPF:
http://spf.pobox.com/
Re:There's only one way to deal with them...
pdcawley on 2003-07-08T23:43:49
That's the name I was looking for.
Re:There's only one way to deal with them...
nicholas on 2003-07-10T12:18:22
such fuckwitted systems
I've just received another from someone else, thanks to SOBIG.E. This challenge wants me to respond with a reply to an e-mail address. Helpfully it's set the Reply-To to that address. That way lies madness - if the faked from address had not been me, but that of any autoresponder, then the challenge will be met, and the original unwanted message will get through. Then again, it's not my problem if the C/R luser gets the infected message sent to him/her/it.
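The autoresponder failure mode described in the comment above, as an added example (not code from the post, its commenters, or any C/R product): a reply-based confirmation rule beside one that at least rejects visibly automatic replies. The challenge address, function names and sample messages are assumptions constructed for illustration.

```python
from email import message_from_string

CHALLENGE_ADDR = "confirm@cr.example"  # hypothetical challenge Reply-To address
AUTO_PRECEDENCE = {"bulk", "junk", "list", "auto_reply"}

def naive_confirms(raw):
    """Weak rule from the comment: any reply to the challenge address counts."""
    msg = message_from_string(raw)
    return CHALLENGE_ADDR in (msg.get("To") or "")

def is_auto_generated(msg):
    """True if the reply carries a marker that software, not a person, sent it."""
    # RFC 3834: any Auto-Submitted value other than "no" means automatic.
    auto = (msg.get("Auto-Submitted") or "no").split(";")[0].strip().lower()
    if auto != "no":
        return True
    if (msg.get("Precedence") or "").strip().lower() in AUTO_PRECEDENCE:
        return True
    # Common non-standard markers set by some autoresponders.
    if msg.get("X-Autoreply") or msg.get("X-Autorespond"):
        return True
    # Bounces and many responders use the null envelope sender.
    return (msg.get("Return-Path") or "").strip() == "<>"

def hardened_confirms(raw):
    """Count a reply as confirmation only if it is not visibly automatic."""
    msg = message_from_string(raw)
    return CHALLENGE_ADDR in (msg.get("To") or "") and not is_auto_generated(msg)

# Constructed sample replies (not real traffic).
VACATION_REPLY = """\
From: victim@forged.example
To: confirm@cr.example
Subject: Out of office Re: Please confirm your message
Auto-Submitted: auto-replied

I am away until Monday.
"""
HUMAN_REPLY = """\
From: friend@home.example
To: confirm@cr.example
Subject: Re: Please confirm your message

Yes, that was me.
"""

if __name__ == "__main__":
    for name, raw in (("vacation", VACATION_REPLY), ("human", HUMAN_REPLY)):
        print(name, naive_confirms(raw), hardened_confirms(raw))
```

An autoresponder that sets none of these markers still passes the hardened check, so header filtering narrows the hole in reply-based confirmation without closing it.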