On Tue, Mar 22, 2005 at 11:44:38AM -0800, Fred Viles said:
> On 22 Mar 2005 at 14:04, Walt Reed wrote about
> "Re: [exim] Heads up?":
>
> |...
> | Readng the FAQ about fairuce, it seems that the system ONLY challenges
> | when the algorithms detect a probable spoof / forge situation.
>
> So it attempts to maximize the probability that a given challenge is
> actually collateral spam before sending it? And this is supposed to
> be a good thing?
I'm no expert on the thing, just reading up on it now. It may not be
that bad.
Further reading suggest that SPF checks or any other "authenticated
sender" system would opt you out of such collateral spam (although it
mentions that that is a future feature)
To me it sounds like if you setup your system right, use at least one of
the authentication schemes (spf, domainkeys, etc.), you would never be
bothered by FairUCE's C/R.
Again, it seems to handle most of my concerns, but not all. I'm not a
proponent yet. I really don't like existing C/R systems that I have run
into for the same reasons you and others have voiced.
Anyway, it's obviously something that everyone here will probably run
into at some point in the near future. The better we understand it, the
better we can deal with it or the fallout from it.