I just received the following:
Your message
I received the same message
Received: from mail.tcwireless.us ([67.108.86.20] verified)
Your message
...
has been just received by gmail.com mailserver.
I assumed that this is a phishing scam due to the from / mailserver mismatch, which I think this confirms.
Regards
Marshall
Apology to NANOG for the whitelist failing..
This doesn't look to me like phishing (although I can see the
similarities); it looks like yet another severely clueless site engaged
in challenge-response spamming. (C-R has long since been not only
completely discredited as an anti-spam tactic, but has been recognized
as a spam vector. Hosts emitting it are subject to blacklisting,
in the same way and for much the same reason that hosts emitting
backscatter/outscatter are.)
---Rsk
C-R *is* spam. Interestingly, proponents use the same argument for it
that spammers do. It works for them. Spammers feel that .0001%
response is reason enough to load the rest of us with with work for no
pay. Proponents of C-R feel that reducing their spam load justifies
having the rest of us work as their spam filter for free. It's the "I
got mine, Jack" mentality which is sadly way too ubiquitous.
Personally I think that the answer to this problem is to simply reply
automatically to these challenges positively no matter what. Puts the
job of filtering spam back on the first person.
Quoting D'Arcy J.M. Cain (darcy@druid.net):
Personally I think that the answer to this problem is to simply reply
automatically to these challenges positively no matter what. Puts the
job of filtering spam back on the first person.
I tend to click on the 'authorize' links i see in any ticket-queue that
gets loaded with these messages at my job. Usually resulted by a joe-job
run of some sort.
I too think C-R spam 'prevention' is the lazy-mans approach at filtering
spam. People can easily create their own whitelists based on their
maillogs or mailhistory.
-Sndr.
<snip>
I too think C-R spam 'prevention' is the lazy-mans approach at filtering
spam. People can easily create their own whitelists based on their
maillogs or mailhistory.
<snip>
Unfortunately, I feel the majority of the solutions offered cater to the
non-technical. The process of simplifying often results in a product
that requires the least amount of hands-on from the end-user. Coupled
with the fact that the average end-user is not interested in learning a
process that takes more then 5 paragraphs to explain and more than 10
minutes to implement (without some sort of "wizard") and I think we have
a good idea why the layman's approach is so prevalent.
I don't have any argument with making the end-user's experience simpler
and easier. I do complain when that simplification is at the expense
of others. It's the difference between software that does some of your
work and software that moves your work onto someone else's shoulders.
The problem being solved is that the average end-user is proving that
CM Kornbluth was right. The meta-problem is that the average developer
is *also* proving Kornbluth correct...
There are many, many other solutions that satisfy these requirements without massively inconveniencing everyone who tries to send you e-mail.
I can only attribute the persistence of C-R as a method for combating spam to the fact that a sufficiently small percentage of humans will believe in *anything*, no matter how ludicrous it is.
Hopefully this provides some motivation to those few who still cling uselessly to C-R to go out and spend 15 minutes researching advances in anti-spam technology in the last 5 years. Perhaps they will pull themselves out of the stone ages and stop irritating everyone.