[conspire] How not to do antispam, latest in a continuing series
Rick Moen
rick at linuxmafia.com
Sun Feb 22 00:26:13 PST 2015
I wanted to also respond _separately_ about why C-R antispam systems are
a terrible idea generally. (This is a different discussion from my
giving Ruben a heads-up about such software and mailing lists.)
My friend Karsten M. Self has written a concise essay listing a dozen
reasons. Please see:
http://linuxmafia.com/faq/Mail/challenge-response.html
Here are Karsten's twelve points, each detailed on the cited page:
0. Weak, and trivially abused, verification basis.
1. Mistaken interpretation of anti-spam goals.
2. Misplaced burden.
3. Privacy violation.
4. Less effective at greater burden than receiver-side whitelisting.
5. High type II error (beta).
6. Potential "Joe-job" denial of service.
7. C-R - C-R deadlock.
8. Potential integration into spam e-mail harvest systems.
9. Likely consequences: C-R messages and users blacklisted or spamfiltered.
10. Mailing list burden.
11. Fails to address techno-economic underpinnings of spam.
(Items 3 & 4 apply only to _outsourced_ C-R services, which most
implementations are.)
RM note: It's a funny thing, but I notice many people, when you tell
them at some length that something is a stupid idea, you're indicating
that it's a debatable question and it'd be a good idea to argue --
when what you're saying is just: It's a stupid idea.
This is one of those. C-R antispam is a stupid idea.
More information about the conspire
mailing list