I weighed this decision heavily before I implemented it on three test accounts (the most spammed accounts) and we surveyed our clientele beforehand. Everyone surveyed offered that they would not have a problem confirming their email in this manner.
Those employees who have this active on their accounts (not everyone does) submitted to me before hand, a list of individuals who should be on their whitelists from the get-go. Then these employees where educated on how to use this 'feature' (for lack of a better word) and monitor their 'quarantine' appropriately.
The nature of our business is such that our employees have an idea of when to expect email, and from whom. In fact, I have people in my office more asking if there are any problems with the mail server (because they are expecting an email, and it hasn't arrived yet) than any other problem. And this was a problem when I was using RBL's. To many false positives.
Anyway, if an employee using ASK subscribes to a mail list, they know to add it to their 'whitelist' before hand, so the scenerio you describe below should never happen. Should they forget, then I have set up a cron job to process their 'quarantine' each morning and send them a report where they will most likely catch their mistake and fix it.
We have been running this set up now for a couple of months, and I have yet to see any problems creep up. Spam on the three accounts this is set up on has gone to 0.
On Wednesday 25 February 2004 05:33 pm, Craig Daters wrote:http://www.paganini.net/ask - Active Spam Killer. I added this as a final catch all for spam that does end up getting through (though this is rare) to the user. This is a challenge/respond system where senders that are not already on a whitelist must 'validate' simply by replying to a confirmation message. Works much like a mail list does, and end users can configure/manage everything through email once it is setup.
You were doing fine up to this point. This step, however, can cause more trouble than its worth. If a user signs up for a mailing list which requires a confirmation e-mail (your challenge/response) then the server will get an email from the user requesting confirmation the it sent the email. Normally, this gets sent to the bit bucket and the user goes along without knowledge that there's a problem.
I have a site which does the confirmation thing. I set it up so that odd-ball email is sent to me. Frankly, I refuse to reply to the challenges. I have enough to do without this added step. If the user sends me email asking why s/he can't create an account or join my lists I will tell them (and reply to the irritating challenge so that my note gets through) but I will not set up my server to do it.
Just my two cents.
Barry
-- --
Craig Daters (craig@xxxxxxxxxxxxx) Systems Administrator West Press Printing 1663 West Grant Road Tucson, Arizona 85745-1433
Tel: 520-624-4939 Fax: 520-624-2715
www.westpress.com
--
-- redhat-list mailing list unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe https://www.redhat.com/mailman/listinfo/redhat-list
