Re: All spam filters fail in comparison...
> There are no hoops.
> I realize this is very difficult but if
> you look up at the
> top of your e-mail client you'll see a
> little reply button.
> Press it then press sent (or just press
> r in pine).
> You see, no hoops.
It's not about jumping through hoops, it's about pissing off potential customers and clients who send a message expecting it to be read in a timely fashion, only to return to their computers the next day to discover a stupid f#!@*ng challenge message sitting in their inbox telling them that not only has their message been detained for questioning, but it now requires that a second message be sent just to free the first one. It's like mail purgatory. Challenge/response is a horrific alternative to decent baysean spam filtering and is basically a way for a mail administrator to say, "those mean old spammers have gotten the best of me and I'm going home to get some sleep and let my users deal with the problem." Anyone with the skill to set up a challenge/response system on their server could easily set up a better system using SpamAssassin and/or a series of open-source baysean and white/blacklist filtering. Challenge-response systems will never gain widespread adoption simply because too many people do business online. When you buy something from an online store, an automated system usually sends you a receipt with your order info. An automated system is not going to respond to your idiot challenge message just to send you your order receipt. And if an automated system DID respond to your challenge, then it would by definition, be defeating your spam filter. You really think a spammer can't write a script to fake out your challenge-response system? I'm not a particularly gifted programmer, but I could do it in a few minutes, just by looking at the format of your challenge messages and writing a few regular expressions. Hell, what's to stop someone from writing a plug-in or script that auto-replies to all challenge messages? A baysean filter would have no problem identifying such challenge messages with 98% accuracy and replying to each and every one. If challenge-response systems gained widespread popularity, that's exactly what you'd see. Someone would write a filter to auto reply to such challenge messages. Then spammers would simply start fishing for addresses using this method, and at the same time they'd be priming the accounts to accept their spam unimpeded. In fact, over the long term, I'd be surprised if the only people such challenge-response systems don't annoy are spammers themselves, who pretty much live to break your rules and will always manage to script their way around any obstacles you put up. That's why the only really viable solution is for ISPs to stop spammers from sending spam, for webmasters to run server-based filters and for e-mail users to run their own baysean filters. It's a 3-tiered approach that doesn't offload all the responsibility to the end user as challenge-response systems do. As someone who relies almost entirely on e-mail for business communication (and has for many years now), I can say with absolute certainty that challenge-response sytems are part of the problem, not the solution. I always tell my clients not to use them. I simply point my clients to spambayes.sourceforge.net and they are generally very pleased with the results. It's not the absolute best, but it's damned good and it's free.
Re: serious https problems
I'm assuming then that you disagree with the post above from the author which states that https works under all single and multi-server configs?
> Another quick note, not to sound like I
> am slagging
> these guys, its a great project but has
> some very
> serious shortcomings/downfalls....
> This system requries that your http and
> https servers
> be running under the _same process_,
> something that
> you will see very rarely and is
> generally a very bad
> idea. It reliese on php4 sessioon id's
> being able to be
> accessed from both htttpd and httpds. I
> tried this
> project on 5 different large hosting
> setups and becuase
> of this it worked on none of them.
> BTW, this is not documented (at this
> point) anywhere
> on their site or in their one page
> manual, I didn't find
> out until after my client purchased it
> and I wasted days
> They have agreed to refunding my clients
> $$, but it was
> very much a letdown and a waste of great