[bf1942] Re: Verification required for whoccares at comcast.net, protected by 0Spam.com.

[AthlonRob]

On Tue, 2004-02-10 at 17:14, Rick Thompson wrote:
> We use 0spam.com protection on most accounts. There is nothing wrong with 
> the way it functions and there is nothing wrong with using a protected 
> email for this list. The problem is the way the list functions or more 
> accurately, that it functions unexpectedly.

Wrong on both accounts. There *is* something wrong with the way it
functions and there *is* something wrong with using a protected email
account for this list.

C/R spam protection schemes pretty much just SUCK!  If for no other
reason, than just because of what they do to mailing lists.  If they
didn't do it so frequently, nobody would care.  But this happens far too
often.

There are better ways to stop spam.  These methods do not have any
negative impact on the sender.  Look in to SpamAssassin.

> Most people, especially list veterans are going to assume it's Majordomo or 
> a clone and whitelist the list domain or list address.

No, veterans are going to know to check and make sure before
implementing such schemes.  No, wait, they aren't going to implement
such schemes at all.

> Not that this list software is breaking any RFC or anything but when you 
> change something so basic you have to expect this exact scenario.

The only time you must expect "this exact scenario" is when individuals
decide to use things such as C/R to kill spam.  Now, every piece of spam
sent to your address is going to result in at least one other message,
wasting more resources.  More than likely, that one extra message will
cause a bounce email to be generated by the spoofed mail server.  That
bounce, then, may even cause a C/R email to be sent to the bounce
sender!

How fucked up is that?

Rob