Politech mailing list archives

Previous By Date Next
Previous By Thread Next

FC: MailFrontier.net, poor anti-spamware, and future of mailing lists

From: Declan McCullagh <declan () well com>
Date: Sun, 11 May 2003 12:53:16 -0400
When you request to subscribe to Politech (http://www.politechbot.com/info/subscribe.html), you get a message back from my server's majordomo application saying "please respond to verify that you really do want to join the list."
A few moments ago, a poor implementation of a challenge-response (C-R) system -- in this case, the one sold by MailFrontier.net -- requested that majordomo-owner click on a link in that reply email. MailFrontier.net's email to majordomo-owner should *never* have been generated because the new Politech subscriber (I know this for a fact) requested to be added to the mailing list by contacting majordomo in the first place.
It is true that verifying one user manually is not a problem. I did it. But Politech receives hundreds of new signups per month, and if dumb C-R systems become widely adopted, verifying hundreds of users per month will present a significant burden. It removes the benefits of having automated authentication via majordomo -- I might as well go back to the way I did it circa 1995, which was editing a text file by hand!
Actually, it's even worse than that. The initial confirmation messages come from my server's majordomo address, which I'll need to manually verify when interacting with flawed C-R system. But most messages to Politech come from declan () well com, which I may need to manually verify as well, doubling the amount of work required. And if I ever send mail to Politech from another email address, as I have as recently as the last few weeks, that means another round of confirmations. (FYI you should whitelist by Sender: owner-politech)
My reluctant conclusion is that C-R systems with flawed implementations have the potential to end legitimate mailing lists as we know them today.
For a C-R system to work properly, it will need to be tightly integrated with the mail client (so it knows who you contacted) and probably understand a little about popular mailing list software like majordomo, mailman, and Listserv. It's easier for C-R companies providing web-based email. For everyone else using software like Eudora and Outlook, that probably means plugins, an email proxy service, or a new email standard that Microsoft, Qualcomm, and others, like the folks maintaining mutt and pine, would have to embrace. 

I don't see that happening anytime soon.

-Declan

PS: Dave Farber, who runs the IP list, sent out this warning a few days ago:

If I start getting a flood of challenges from earthlink ipers that require
my response I will most likely declare them SPAM and you will stop receiving
IP mail.

I fully expect this to be the case for almost all the legitimate mailing
lists you are on and count on.

See if their system allows you to pre-approve lists you are on else ....


---

From: [deleted to protect the guilty].net
Subject: Re: Confirmation for subscribe politech
To: Majordomo-Owner [at] politechbot.com
Date: Sun, 11 May 2003 10:16:39 -0400 (EDT)

[-- Attachment #1 --]
[-- Type: multipart/alternative, Encoding: 7bit, Size: 4.0K --]
Thank you for sending me your email with the subject "Confirmation for subscribe 
+politech". I really want to receive your email.

In an effort to eliminate junk email, I am using MailFrontier Matador.
Matador has placed your message on hold.

Please click the link below so you will be added to my Allowed people list,
I will receive your email, and we will be able to communicate freely going
+forward.

<http://c.mailfrontier.net/c/7d0b2b90ae/[deleted]>

If you can not click on the link above, copy and paste the URL above directly
+into your browser.

A note from [deleted]:
Sorry guys, I had to do this, just TOO much spam.

---------------------------------------------------
This mailbox protected from junk email by Matador
from MailFrontier, Inc. http://www.mailfrontier.com

[-- Attachment #2 --]
[-- Type: image/gif, Encoding: base64, Size: 1.4K --]

[-- image/gif is unsupported (use 'v' to view this part) --]

[-- Attachment #3 --]
[-- Type: image/gif, Encoding: base64, Size: 2.8K --]

[-- image/gif is unsupported (use 'v' to view this part) --]




-------------------------------------------------------------------------
POLITECH -- Declan McCullagh's politics and technology mailing list
You may redistribute this message freely if you include this notice.
-------------------------------------------------------------------------
To subscribe to Politech: http://www.politechbot.com/info/subscribe.html
This message is archived at http://www.politechbot.com/
Declan McCullagh's photographs are at http://www.mccullagh.org/
Like Politech? Make a donation here: http://www.politechbot.com/donate/
-------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: