Journal of TorgoX (1933)

Thursday March 07, 2002
03:32 PM

SPMA

[ #3358 ]
As spam gets worse and worse, my craziest anti-spam idea starts to look less and less crazy all the time. The idea is:

No email to me gets thru unless it's "authenticated". That means some combination of:

  • A message gets thru if it has headers indicating that it's a message from a listserv list that I'm on. (Like many people, almost all the traffic to my account is list mail.)
  • If the sender is on the list of people I correspond with regularly, it gets thru. (That and the above catch the vast majority of non-spam traffic to my mailbox.)
  • Otherwise you get a "confirmation email" saying that the mail won't get thru unless you either reply with some confirmation code, or hit some HTTP URL that, when hit, approves the message.

The only problem I see is with automated email that's not spam. Stuff like Amazon Alerts, or messages like "you went to our web site just now and requested that your password be emailed to you, so here it is: 123BZORCH."
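The three rules above as an added Python example (not the author's code), with automated mail held for review instead of challenged, since nobody will answer the challenge. The secret, list id, addresses and function names are constructed for illustration.

```python
import hashlib
import hmac
from email import message_from_string
from email.utils import parseaddr

SECRET = b"constructed-demo-secret"        # assumption: per-mailbox secret key
MY_LISTS = {"somelist.example.org"}        # constructed: List-Id values I subscribe to
CORRESPONDENTS = {"friend@example.org"}    # constructed: regular correspondents


def confirmation_code(sender: str, message_id: str) -> str:
    """Code bound to one sender and one message; useless for any other message."""
    data = f"{sender}\n{message_id}".encode()
    return hmac.new(SECRET, data, hashlib.sha256).hexdigest()[:16]


def confirm(sender: str, message_id: str, code: str) -> bool:
    """Check a code that came back by email reply or through the approval URL."""
    return hmac.compare_digest(confirmation_code(sender, message_id), code)


def is_automated(msg) -> bool:
    """Mail no human will answer: a challenge is pointless and may bounce back and forth."""
    auto = (msg.get("Auto-Submitted") or "no").strip().lower()
    precedence = (msg.get("Precedence") or "").strip().lower()
    null_path = (msg.get("Return-Path") or "").strip() == "<>"
    return auto != "no" or precedence in {"bulk", "junk", "list"} or null_path


def triage(raw: str):
    """Return (action, code); action is 'deliver', 'hold' or 'challenge'."""
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    list_id = (msg.get("List-Id") or "").rpartition("<")[2].rstrip("> \t").lower()
    if list_id in MY_LISTS:                # rule 1: list mail (header is forgeable)
        return "deliver", None
    if sender in CORRESPONDENTS:           # rule 2: known sender (From is forgeable too)
        return "deliver", None
    if not sender or is_automated(msg):    # password mailers, alerts, bounces, auto-replies
        return "hold", None
    return "challenge", confirmation_code(sender, msg.get("Message-ID", ""))
```

Both delivery rules trust headers the sender controls, so anything they let through still needs ordinary content filtering.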

  • I've seen a system just like this before. I forget who was using it, but the automagic reply (with confirmation via email or the web) was quite obnoxious. Shunting unvalidated email into a holding tank has the advantage that you don't blindly send email to people or things that are trying to correspond with you (and repeat the problems we saw last week).

    The more I think about it, the more I'm warming up to some sort of bot managing my incoming email. (I remember one night pointing out the most obvious

  • Why are you ignoring SpamAssassin? It has auto-whitelists and auto-blacklists, and very smart people working on it *cough*.

    The problem with your scheme is you lose the spams sent through lists, like all the people attacking perlbug recently. SpamAssassin won't miss that.
  • Saw the following solution in a Communications of the ACM a few years back. (Keep plugging SpamAssassin, Matt; I'm sure I'll try it before I try this.)

    You set up multiple valid email addresses of the form userid-\d\d\d\d\d\d@example.com . You can set up an alias for your friends, an alias for each mailing list you're on, and so on. When you need to sign up for something and have a password mailed to you, you temporarily activate an alias. When one account gets discovered and you start getting hammered w

    --
    J. David works really hard, has a passion for writing good software, and knows many of the world's best Perl programmers
    • What happens if, say, one of your friends sends a message both to you and a mailing list that's archived on the web somewhere, causing a spamtrawler to pick up your "friends" address?

      Are you going to dump that address as well and replace it by one with a different number? Because that would entail informing all your friends to "please send to jxb-2001 instead of jxb-1701 from now on".

      Or if your mailing list address is compromised -- you'll have to keep track of which lists you were subscribed to *with tha
      --

      -- 
      Esli epei eto cumprenan, shris soa Sfaha.
      Aettot ibrec epesecoth, spakhea scrifeteis.

      • Are you going to dump that address as well and replace it by one with a different number? Because that would entail informing all your friends to "please send to jxb-2001 instead of jxb-1701 from now on".

        Yeah, that's the general idea. I didn't say it was the best of options, just an interesting one.

        --
        J. David works really hard, has a passion for writing good software, and knows many of the world's best Perl programmers
  • A fairly obvious disadvantage would be if someone sends you email who also has such an authentication scheme going on: your request that the sender authenticate himself first is going to bounce off his filter with a request that *you* authenticate yourself first, which results in your filter sending back an email... you get the point.

    How would you avoid that? You probably can't really. I think this sort of thing only works if you think you are (no offense intended now) so important that people will volunta
    --

    -- 
    Esli epei eto cumprenan, shris soa Sfaha.
    Aettot ibrec epesecoth, spakhea scrifeteis.