ietf-asrg

Re: [Asrg] How to can the spam

2003-03-05 14:39:17
At 2:23 PM -0500 3/5/03, Jason Hihn wrote:
choice, but is tainted with the taste of spam. We need to switch to another
character. I find any of the following acceptable: !#%&~|{} This char is
called the 'promoted' char. The old '@' is the demoted char.

Well, let's stay away from ones that the email system already uses. ! and % in particular would be rather bad news. Also, keep in mind that there are thousands of web forms out there that think (incorrectly) that they know what an email address is. I'd say that I'm only successfully able to put a "+" in my email address on web forms about 75% of the time. But anyway, nits.

On to my technical approach:
I'm entertaining using signatures issued by the ISP, and verified against
the server in the ISP's MX record. If an ISP sees too many inquiries for a
user, then that user may be flagged as spammer, and the account can be
suspended/revoked/throttled back. Eventually the sender will exhaust his

I'm not clear on what you mean here by "inquiry". Are you assuming that I'm a spammer if I send too much email? Or are you assuming that each query comes from a bounce or complaint? And in either case, how do you verify that the site making the query is in fact the site that was sent the email? What keeps me from writing a program to make it look like someone else is spamming? Does the sending ISP have to maintain state and keep track of how many messages I sent and make sure it matches the complaints?

them only get off a few hundred before they are yanked. Also watch the
undeliverables. It is rare for me to send to a wrong address, maybe 1 a
month. Surely 10 a month is reasonable? (And they'll all happen in minutes!)

I'm currently the victim of a hoax that has resulted in hundreds of people sending email to wormalert(_at_)somewhere(_dot_)com every day. About 25% of those messages contained that hoax, or other hoaxes. So I decided to be nice and set up an auto-responder. It did a reply-all to the mail and told people that they had just received a hoax. I was easily bouncing 50 messages a day--because people were forwarding these hoaxes to everyone in their address book, and large numbers of those addresses were incorrect. That, combined with people accusing me of spamming them, made me back off and just reply to the sender. Eventually I had to back off from that and just bounce with an extended bounce message. I'm still getting 300 messages a day, plus another 4-500 viruses.

On a related subject: when considering authentication schemes, please consider how you are going to handle bounces. I've seen spam masquerading as a bounce before (and viruses as well, of course). (I've even seen spam masquerading as a spam complaint.)
--
Kee Hinckley
http://www.puremessaging.com/        Junk-Free Email Filtering
http://commons.somewhere.com/buzz/   Writings on Technology and Society

I'm not sure which upsets me more: that people are so unwilling to accept
responsibility for their own actions, or that they are so eager to regulate
everyone else's.