When you request to subscribe to Politech (http://www.politechbot.com/info/subscribe.html), you get a message back from my server's majordomo application saying "please respond to verify that you really do want to join the list." A few moments ago, a poor implementation of a challenge-response (C-R) system -- in this case, the one sold by MailFrontier.net -- requested that majordomo-owner click on a link in that reply email. MailFrontier.net's email to majordomo-owner should *never* have been generated because the new Politech subscriber (I know this for a fact) requested to be added to the mailing list by contacting majordomo in the first place. It is true that verifying one user manually is not a problem. I did it. But Politech receives hundreds of new signups per month, and if dumb C-R systems become widely adopted, verifying hundreds of users per month will present a significant burden. It removes the benefits of having automated authentication via majordomo -- I might as well go back to the way I did it circa 1995, which was editing a text file by hand! Actually, it's even worse than that. The initial confirmation messages come from my server's majordomo address, which I'll need to manually verify when interacting with flawed C-R system. But most messages to Politech come from declanat_private, which I may need to manually verify as well, doubling the amount of work required. And if I ever send mail to Politech from another email address, as I have as recently as the last few weeks, that means another round of confirmations. (FYI you should whitelist by Sender: owner-politech) My reluctant conclusion is that C-R systems with flawed implementations have the potential to end legitimate mailing lists as we know them today. For a C-R system to work properly, it will need to be tightly integrated with the mail client (so it knows who you contacted) and probably understand a little about popular mailing list software like majordomo, mailman, and Listserv. It's easier for C-R companies providing web-based email. For everyone else using software like Eudora and Outlook, that probably means plugins, an email proxy service, or a new email standard that Microsoft, Qualcomm, and others, like the folks maintaining mutt and pine, would have to embrace. I don't see that happening anytime soon. -Declan PS: Dave Farber, who runs the IP list, sent out this warning a few days ago: >If I start getting a flood of challenges from earthlink ipers that require >my response I will most likely declare them SPAM and you will stop receiving >IP mail. > >I fully expect this to be the case for almost all the legitimate mailing >lists you are on and count on. > >See if their system allows you to pre-approve lists you are on else .... --- From: [deleted to protect the guilty].net Subject: Re: Confirmation for subscribe politech To: Majordomo-Owner [at] politechbot.com Date: Sun, 11 May 2003 10:16:39 -0400 (EDT) [-- Attachment #1 --] [-- Type: multipart/alternative, Encoding: 7bit, Size: 4.0K --] Thank you for sending me your email with the subject "Confirmation for subscribe +politech". I really want to receive your email. In an effort to eliminate junk email, I am using MailFrontier Matador. Matador has placed your message on hold. Please click the link below so you will be added to my Allowed people list, I will receive your email, and we will be able to communicate freely going +forward. <http://c.mailfrontier.net/c/7d0b2b90ae/[deleted]> If you can not click on the link above, copy and paste the URL above directly +into your browser. A note from [deleted]: Sorry guys, I had to do this, just TOO much spam. --------------------------------------------------- This mailbox protected from junk email by Matador from MailFrontier, Inc. http://www.mailfrontier.com [-- Attachment #2 --] [-- Type: image/gif, Encoding: base64, Size: 1.4K --] [-- image/gif is unsupported (use 'v' to view this part) --] [-- Attachment #3 --] [-- Type: image/gif, Encoding: base64, Size: 2.8K --] [-- image/gif is unsupported (use 'v' to view this part) --] ------------------------------------------------------------------------- POLITECH -- Declan McCullagh's politics and technology mailing list You may redistribute this message freely if you include this notice. ------------------------------------------------------------------------- To subscribe to Politech: http://www.politechbot.com/info/subscribe.html This message is archived at http://www.politechbot.com/ Declan McCullagh's photographs are at http://www.mccullagh.org/ Like Politech? Make a donation here: http://www.politechbot.com/donate/ -------------------------------------------------------------------------
This archive was generated by hypermail 2b30 : Sun May 11 2003 - 09:57:46 PDT