[FoRK] Yet another Anti-Spam idea

Stephen D. Williams sdw at lig.net
Tue Mar 22 10:04:16 PST 2005


Justin Mason wrote:

>-----BEGIN PGP SIGNED MESSAGE-----
>Hash: SHA1
>
>
>Stephen D. Williams writes:
>  
>
>>Zee Roe wrote:
>>    
>>
>>>On Tue, 22 Mar 2005, Stephen D. Williams wrote:
>>>      
>>>
>>>>Upon receipt of an email message from a new email address / IP address
>>>>combination, send four probe email messages, one to the real From:
>>>>address and one to the Reply-To: address, and one to each of those
>>>>addresses with a random string appended to the userid.  The original
>>>>email is only allowed "in" if the first two sends succeed and the second
>>>>two bounce.
>>>>        
>>>>
>>>Maybe I'm missing something, but wouldn't this automatically invalidate
>>>anyone sending from domains with catch-all addresses? I think it's pretty
>>>common with vanity domains, certainly I do it, for example.  It seems like
>>>just not bouncing the from: and reply-to: addresses would filter out a lot
>>>of the crap I get (some of which is marked as spam anyway).
>>>      
>>>
>>That would be a problem and would have to be handled in some other way, 
>>perhaps an auto-reply system (which has its own issues) or one of the 
>>sender-verified systems.
>>
>>The point would be to prevent all of the spoofing of both real and bogus 
>>addresses that is used in spam.
>>    
>>
>
>By generating 4 new messages, to possibly-faked addresses, for each 1 spam?
>
>I've been joe-jobbed continuously since last December.  I get about 750
>bounces per day, breaking down to about 80% "user unknowns" / "user out of
>quota", with the rest being a mixture of challenge-response challenges,
>helpful filters telling me that I sent something that their content
>filtering rules rejected, and autoresponders from users telling me that
>they no longer read that email address because it gets too much spam. All
>of these appear in various languages, to boot.
>  
>
Absolutely that's an issue, however the goal is to be able to do more 
filtering up front.  You only need to test each sender and sender IP 
address once and from then on you know to keep or ignore all future 
attempts, subject to timeout and retest needs.

>Here's a question.  Is all that auto-generated blowback sent to my address
>despite my having nothing to do with the spamming, in itself spam? if not,
>what is it?
>  
>
The increasing cost of not moving to a more coherent system.  We can't 
allow centralized control of email, but we need to solve this problem at 
some point.  In the end, we are going to need some kind of non-monetary 
credit system that allows, in effect, recipient votes to result in 
credits or filter access.  Even clique centralization would probably be ok.

>(I'm serious btw, SpamAssassin may have to become SpamAndBlowbackAssassin
>if this continues ;)
>
>But anyway, anything that generates messages to addresses in the headers
>will generate more of this noise and increase my spam-blowback load.
>The only way to safely send a message back to the sender in SMTP is
>by issuing a 4xx/5xx response in the SMTP transaction.
>  
>
This has become difficult to do completely since split processing email 
systems and the chatty nature of SMTP mean that the message has already 
been accepted when real scrutiny happens.

sdw

>- --j.
>-----BEGIN PGP SIGNATURE-----
>Version: GnuPG v1.2.5 (GNU/Linux)
>Comment: Exmh CVS
>
>iD8DBQFCQFbpMJF5cimLx9ARAi0bAKCvme44JKZ7kwIPvJZlz+79fVblpgCgtMUJ
>sNx9bx1hCGPOuHdgJmwZT/8=
>=GRfx
>-----END PGP SIGNATURE-----
>


-- 
swilliams at hpti.com http://www.hpti.com Per: sdw at lig.net http://sdw.st
Stephen D. Williams 703-724-0118W 703-995-0407Fax 20147-4622 AIM: sdw
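
The thread above, worked through as an added example (not code from anyone in the thread): a simulation of the four-probe rule with the per sender/IP cache and timeout, showing the catch-all case Zee Roe raises and the probe count Justin Mason objects to. `ProbeFilter`, `make_probe`, the `"catch-all"` outcome, the TTL and the sample data are all assumptions made for illustration; no mail is sent.

```python
import secrets
import time

def mangle(addr):
    """Append a random string to the userid, as the proposal describes."""
    local, domain = addr.rsplit("@", 1)
    return f"{local}{secrets.token_hex(4)}@{domain}"

def make_probe(world):
    """Stand-in for sending a probe: True if delivered, False if it bounces.
    `world` maps domain -> set of userids, or "*" for a catch-all domain."""
    def probe(addr):
        local, domain = addr.lower().rsplit("@", 1)
        users = world.get(domain, set())
        return users == "*" or local in users
    return probe

def verdict(real_ok, mangled_ok):
    if not all(real_ok):
        return "reject"        # From: or Reply-To: bounced
    if any(mangled_ok):
        return "catch-all"     # Zee Roe's case; the rule alone cannot decide
    return "accept"            # both real delivered, both mangled bounced

class ProbeFilter:
    def __init__(self, probe, ttl=7 * 86400, clock=time.time):
        self.probe, self.ttl, self.clock = probe, ttl, clock
        self.seen = {}          # (sender, ip) -> (verdict, time checked)
        self.probes_sent = 0    # each probe goes to an address taken from headers

    def check(self, from_addr, reply_to, ip):
        key = (from_addr.lower(), ip)
        hit = self.seen.get(key)
        if hit and self.clock() - hit[1] < self.ttl:
            return hit[0]       # tested once; reuse until the timeout
        targets = [from_addr, reply_to]
        real = [self.probe(a) for a in targets]
        mangled = [self.probe(mangle(a)) for a in targets]
        self.probes_sent += 4
        result = verdict(real, mangled)
        self.seen[key] = (result, self.clock())
        return result

# Constructed sample data (documentation domains only).
WORLD = {"example.org": {"alice"}, "vanity.example": "*"}
```

Because the cache key includes the connecting IP, a real address forged from many different hosts passes the rule every time and costs its owner four probes per host, which is the blowback described in the quoted reply.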


