[Dshield] Re: Spam Email is there a solution "finally"?
iain at caradoc.org
Thu Dec 18 19:40:27 GMT 2003
IT Manager writes:
> Here is the excerpt....
> Hello, you recently sent a message to me at email name . I'm using a
> spam-blocker to screen junk email, however. Please click the link below and
> fill in a few words about why you are emailing me. It shouldn't take more
> than 30 seconds.
> Name of person
I'm of the opinion that "challenge/response" systems for spam-blocking are
Does the system limit responses to a single sender? If not, a black hat can
use your e-mail C/R system to mailbomb someone else, simply by sending lots
of forged-sender e-mail into your system.
How does the system verify that the challenge is sent back to the *real*
sender of such a message?
I've gotten several "challenge" messages in my inbox from systems that I've
never sent e-mail to - but my return address was forged into the original
More information about the list