At 2:23 PM -0500 3/5/03, Jason Hihn wrote:
> choice, but is tainted with the taste of spam. We need to switch to another
> character. I find any of the following acceptable: !#%&~|{} This char is
> called the 'promoted' char. The old '@' is the demoted char.

Well, let's stay away from ones that the email system already uses.
! and % in particular would be rather bad news. Also, keep in mind
that there are thousands of web forms out there that think
(incorrectly) that they know what an email address is. I'd say that
I'm only successfully able to put a "+" in my email address on web
forms about 75% of the time. But anyway, nits.

> On to my technical approach:
> I'm entertaining using signatures issued by the ISP, and verified against
> the server in the ISP's MX record. If an ISP sees too many inquiries for a
> user, then that user may be flagged as a spammer, and the account can be
> suspended/revoked/throttled back. Eventually the sender will exhaust his

I'm not clear on what you mean here by "inquiry". Are you assuming
that I'm a spammer if I send too much email? Or are you assuming
that each query comes from a bounce or complaint? And in either
case, how do you verify that the site making the query is in fact the
site that was sent the email? What keeps me from writing a program
to make it look like someone else is spamming? Does the sending ISP
have to maintain state and keep track of how many messages I sent and
make sure it matches the complaints?

> them only get off a few hundred before they are yanked. Also watch the
> undeliverables. It is rare for me to send to a wrong address, maybe 1 a
> month. Surely 10 a month is reasonable? (And they'll all happen in minutes!)

I'm currently the victim of a hoax that has resulted in hundreds of
people sending email to wormalert(_at_)somewhere(_dot_)com every day. About 25%
of those messages contained that hoax, or other hoaxes. So I decided
to be nice and set up an auto-responder. It did a reply-all to the
mail and told people that they had just received a hoax. I was
easily bouncing 50 messages a day--because people were forwarding
these hoaxes to everyone in their address book, and large numbers of
those addresses were incorrect. That, combined with people accusing
me of spamming them, made me back off and just reply to the sender.
Eventually I had to back off from that and just bounce with an
extended bounce message. I'm still getting 300 messages a day, plus
another 4-500 viruses.

On a related subject. When considering authentication schemes,
please consider how you are going to handle bounces. I've seen spam
masquerading as a bounce before (and viruses as well, of course).
(I've even seen spam masquerading as a spam complaint.)
--
Kee Hinckley
http://www.puremessaging.com/ Junk-Free Email Filtering
http://commons.somewhere.com/buzz/ Writings on Technology and Society
I'm not sure which upsets me more: that people are so unwilling to accept
responsibility for their own actions, or that they are so eager to regulate
everyone else's.
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg