[FoRK] Yet another Anti-Spam idea

Justin Mason jm at jmason.org
Tue Mar 22 09:33:30 PST 2005


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


Stephen D. Williams writes:
> Zee Roe wrote:
> >On Tue, 22 Mar 2005, Stephen D. Williams wrote:
> >>Upon receipt of an email message from a new email address / IP address
> >>combination, send four probe email messages, one to the real From:
> >>address and one to the Reply-To: address, and one to each of those
> >>addresses with a random string appended to the userid.  The original
> >>email is only allowed "in" if the first two sends succeed and the second
> >>two bounce.
> >
> >Maybe I'm missing something, but wouldn't this automatically invalidate
> >anyone sending from domains with catch-all addresses? I think it's pretty
> >common with vanity domains, certainly I do it, for example.  It seems like
> >just not bouncing the from: and reply-to: addresses would filter out a lot
> >of the crap I get (some of which is marked as spam anyway).
> 
> That would be a problem and would have to be handled in some other way, 
> perhaps an auto-reply system (which has it's own issues) or one of the 
> sender-verified systems.
> 
> The point would be to prevent all of the spoofing of both real and bogus 
> addresses that is used in spam.

By generating 4 new messages, to possibly-faked addresses, for each 1 spam?

I've been joe-jobbed continuously since last December.  I get about 750
bounces per day, breaking down to about 80% "user unknowns" / "user out of
quota", with the rest being a mixture of challenge-response challenges,
helpful filters telling me that I sent something that their content
filtering rules rejected, and autoresponders from users telling me that
they no longer read that email address because it gets too much spam. All
of these appear in various languages, to boot.

Here's a question.  Is all that auto-generated blowback sent to my address
despite my having nothing to do with the spamming, in itself spam? if not,
what is it?

(I'm serious btw, SpamAssassin may have to become SpamAndBlowbackAssassin
if this continues ;)

But anyway, anything that generates messages to addresses in the headers
will generate more of this noise and increase my spam-blowback load.
The only way to safely send a message back to the sender in SMTP is
by issuing a 4xx/5xx response in the SMTP transaction.

- --j.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)
Comment: Exmh CVS

iD8DBQFCQFbpMJF5cimLx9ARAi0bAKCvme44JKZ7kwIPvJZlz+79fVblpgCgtMUJ
sNx9bx1hCGPOuHdgJmwZT/8=
=GRfx
-----END PGP SIGNATURE-----



More information about the FoRK mailing list