Mailing List Archive

Hey Alton,

On Sun, 2004-03-14 at 23:22, Alton Danks wrote:
> Hello,
>
> I'm starting to get email like the following. Is this spam looking for my
> response or a useless anti-spam response to an email that has forged my
> address
> as sender?

This is known as C-R or challenge-response, some people love it, some
hate it. The question of whether or not such C-R e-mail is spam is
controversial.

Some people believe that C-R creates more problems, because it
effectively doubles (or triples) the amount of mail - the original
e-mail, the challenge, and then the response back.

Others believe that if used with other anti-spam systems, such as SA,
the amount of challenges can be culled down to a minimum, while
providing an extra 'layer' of protection against spam.

There are several articles about the effectiveness of C-R;
http://www.freedom-to-tinker.com/archives/000389.html
http://www.politechbot.com/p-04746.html
(which are both anti)
http://www.tmda.net/challengeresponse.html

In answer to your original question (sorry went off the beaten track for
a minute), this is probably not someone trying to harvest your address,
I've yet to see spammers faking C-R responses, although, they probably
will eventually...

-j

--
-jamie <jamie@silverdream.org> | spamtrap: spam@silverdream.org
w: http://silverdream.org | p: sms@silverdream.org
pgp key @ http://silverdream.org/~jps/pub.key
23:30:01 up 11 days, 8:50, 12 users, load average: 0.05, 0.09, 0.09

Robin Lynn Frank <rlfrank+sa <at> paradigm-omega.com> writes:

> Its a challenge/response system responding to a forged email, so you are
> probably being joe-jobbed.
>

OK. Now I'm getting quite a few more. Is there anything I can do about this? I
don't see many options, but I'm new to this.

Al

Al Danks <adanks@calvin.edu> wrote:

> OK. Now I'm getting quite a few more. Is there anything I can do
> about this? I don't see many options, but I'm new to this.

If they're all coming from the same person, I suggest simply
responding to the challenge. Then the person attempting to
protect his address with the challenge-response system will
start getting the spam rather than spamming you with the
challenges. Challenge-response systems are a way of offloading
your spam onto innocent parties, so anything that undermines
them is a good thing in my book.

--
Keith C. Ivey <kcivey@cpcug.org>
Washington, DC

At 06:22 PM 3/14/04 -0500, Alton Danks wrote:
>I'm starting to get email like the following. Is this spam looking for my
>response or a useless anti-spam response to an email that has forged my
>address
>as sender?


My guess is option B.. residue from spam run forging your address.

However, in either case, your best option is to simply ignore it.

Unless the person is someone you would otherwise wish to be in contact
with, there's little reason to try to activate yourself onto the list. If
the spam run forging you was of any decent size, you'll eventually get a
pile of DNSs sufficient get samples of it, so there's no need to contact
them to try to get the offending message.

However, on the off-chance this is a spammer probe for email validity,
there's a distinct benefit to not responding.

> > Its a challenge/response system responding to a forged email, so you are
> > probably being joe-jobbed.
> >
> OK. Now I'm getting quite a few more. Is there anything I can do about
this? I
> don't see many options, but I'm new to this.

Nope. Some spammer sent out a whole batch of spams under your name. He'll
pick a new name tomorrow or so and some pther poor sucker will be getting
the bounces and irate replies.

So you will get these for a few days and then they will usually go away for
a long time.
FWIW, I've been on the net for years and I've only had this happen about 3
time so far.

Loren