Challenge-response anti-spam systems?
November 28, 2004 3:51 PM Subscribe
I'm looking at different anti-spam systems, and one of these is a challenge-response system. Anybody know of an open-source, free, or relatively cheap challenge-response system that I could try? I run a couple of mail servers for a public school district, and we're always looking for ways to deal with spam.
Response by poster: Well we already use blacklists and that seems to get a lot of the spam. Then we use spamassassin rules, but we have to set the threshold pretty high for various reasons (you'd be surprised how many times the boss's e-mail is flagged as spam).
I'd like to offer the challenge-response system as an alternative to the more tech-savvy users.
Just noticed a textad on the mefi frontpage for knowspam.net. That's exactly the kind of system I'd like to try out, but cost is definitely a factor.
posted by MiG at 5:07 PM on November 28, 2004
I'd like to offer the challenge-response system as an alternative to the more tech-savvy users.
Just noticed a textad on the mefi frontpage for knowspam.net. That's exactly the kind of system I'd like to try out, but cost is definitely a factor.
posted by MiG at 5:07 PM on November 28, 2004
I ran one for a while. Gave up on it when my personal email account became the business one too. :-) Before that I was happy with it because, as a personal account, I really didn't give two hoots if you refused to talk to me because you're too lazy to reply to a single challenge email (and you only had to do this once, ever).
It stopped all spam dead in its tracks.
This is it: ASK. Seems it hasn't been developed on for a while. I wouldn't worry, it worked 100% for me...
As a side thought, with some effort I think you could set ASK up to integrate with spamassassin. When spamassassin detects a spam, ASK could send off a challenge response to double check. This way you could set the threshold REALLY low without worrying.
Hmmm... I think I might just do that myself now!
posted by slashdot at 5:16 PM on November 28, 2004
It stopped all spam dead in its tracks.
This is it: ASK. Seems it hasn't been developed on for a while. I wouldn't worry, it worked 100% for me...
As a side thought, with some effort I think you could set ASK up to integrate with spamassassin. When spamassassin detects a spam, ASK could send off a challenge response to double check. This way you could set the threshold REALLY low without worrying.
Hmmm... I think I might just do that myself now!
posted by slashdot at 5:16 PM on November 28, 2004
TMDA is another open-source challenge-response system.
Before you use it, though, keep two things in mind:
1. Some people (like me) will ignore the confirmations and you won't get their mail.
2. There's a growing problem with challenge messages being trapped by spam filters (including, ironically, challenge-response systems) resulting in email never getting through.
posted by mmoncur at 5:54 PM on November 28, 2004
Before you use it, though, keep two things in mind:
1. Some people (like me) will ignore the confirmations and you won't get their mail.
2. There's a growing problem with challenge messages being trapped by spam filters (including, ironically, challenge-response systems) resulting in email never getting through.
posted by mmoncur at 5:54 PM on November 28, 2004
Mine is a simple Procmail script but quite effective.
posted by nicwolff at 6:47 PM on November 28, 2004
posted by nicwolff at 6:47 PM on November 28, 2004
Response by poster: Actually, that would be downright funny. Two challenge-response systems sending each other challenges back and forth.
posted by MiG at 7:18 PM on November 28, 2004
posted by MiG at 7:18 PM on November 28, 2004
And unless your users religiously check the unfonfirmed folder (which they never will, because it'll be chock-full of spam), they'll never see signup confirmations, weekly newsletters, search alerts, et al.
posted by yt at 12:11 AM on November 29, 2004
posted by yt at 12:11 AM on November 29, 2004
yt, I would always check that file whever I signed up for something on the internet.
As far as newsletters, etc, go I'd usually just whitelist the provider's domain I was trying to get them from.
And, for anything else, I just didn't give a crap.
I used that system for a good year without a single hiccup, except it did highly irritate a very small handful of people. But, hey, again, for personal communication, if you're my friend, you'll get over that little hangup. If you're not my friend and can't be bothered to deal with a single reply, then I can't be bothered to read your mail.
All the excuses I've seen against C/R systems are REALLY weak. I haven't seen one that meant diddly in the scope of things yet.
Business stuff... well... hmmm... I just wouldn't use Challenge / Response, myself.
posted by shepd at 3:20 AM on November 29, 2004
As far as newsletters, etc, go I'd usually just whitelist the provider's domain I was trying to get them from.
And, for anything else, I just didn't give a crap.
I used that system for a good year without a single hiccup, except it did highly irritate a very small handful of people. But, hey, again, for personal communication, if you're my friend, you'll get over that little hangup. If you're not my friend and can't be bothered to deal with a single reply, then I can't be bothered to read your mail.
All the excuses I've seen against C/R systems are REALLY weak. I haven't seen one that meant diddly in the scope of things yet.
Business stuff... well... hmmm... I just wouldn't use Challenge / Response, myself.
posted by shepd at 3:20 AM on November 29, 2004
C/R systems create spam. Most spam has an incorrect (stolen e-mail address) "From" line, so your "challenge" gets thrown at someone who never e-mailed you in the first place. It's bad enough getting the bounces from spammers who used your e-mail address, challenges just add to the problem.
posted by Mwongozi at 7:58 AM on November 29, 2004
posted by Mwongozi at 7:58 AM on November 29, 2004
This thread is closed to new comments.
posted by glenwood at 4:39 PM on November 28, 2004