Re: [Asrg] Please critique my anti-spam system
2005-01-09 10:59:57On 2005-01-10 02:17:53 +1000, Laird Breyer wrote:
On Jan 09 2005, Peter J. Holzer wrote:There's also the fact that list messages (such as your own to this list) often arrive twice, once through the list and once directly. If I used your system, I would be sending you a CAPTCHA bounce which would be clogging your inbox.No, you wouldn't, unless you had the subaddress already disabled, in which case you wouldn't receive mails from the mailinglist either (unless you explicitely whitelisted the mailinglist).Either you're confused or I am. Michael sends me two messages, once as Michael (which is unsolicited, and he's not whitelisted, so gets a CAPTCHA), and once as asrg(_at_)ietf(_dot_)org, which is whitelisted since I've subscribed to the list.
But both messages are sent to an active subaddress, so they are accepted without a CAPTCHA. See http://home.nyc.rr.com/spamsolution/An%20Effective%20Solution%20for%20Spam.htm | Zack now has a completely functional and unique email address for Joe | (e.g. Joe(_dot_)mcj9z(_at_)domain(_dot_)com). Zack can share this fully functional | email address with other friends. These other friends now send email | to Joe using the address (Joe(_dot_)mcj9z(_at_)domain(_dot_)com) given to them by Zack. | Zack can pass on Joe(_dot_)mcj9z(_at_)domain(_dot_)com to Bud. Bud successfully mails | Joe using Joe(_dot_)mcj9z(_at_)domain(_dot_)com, but when Joe replies his return | address will appear as Joe(_dot_)72wmt(_at_)domain(_dot_)com(_dot_) Bud now has two separate | addresses that he can use to communicate with Joe, but in time he will | become more likely to use Joe(_dot_)72wmt(_at_)domain(_dot_)com as this will always | appear as the return address whenever he receives email from Joe. Only when you deactivate the the subaddress (because some spammer has harvested the ASRG mailing list archive and is spamming that address), CAPTCHAs will be generated in response to mails from non-whitelisted senders. So at that point you would have to decide whether you want to whitelist asrg-bounce(_at_)ietf(_dot_)org (which would lead to your scenario of sending out lots of CAPTCHAs and being thrown off the list) or resubscribe with a new subaddress (which is a bit of a hassle, especially if you are subscribed to lots of mailing lists). In both cases you have to remember that your subaddress <laird(_dot_)ghqwr(_at_)(_dot_)(_dot_)(_dot_)> was the one you used to subscribe to the ASRG before deactivating it (Hopefully your software gives you an easy way to look up the usage of a subaddress). ("Deactivating" the subaddress seems to be a misnomer. AFAICS Michael's proposal doesn't allow a subaddress to be really deactivated once it is created. It is only put into "Accept mails only from whitelisted addresses and send a CAPTCHA to everybody else" mode) hp -- _ | Peter J. Holzer | Je höher der Norden, desto weniger wird |_|_) | Sysadmin WSR | überhaupt gesprochen, also auch kein Dialekt. | | | hjp(_at_)hjp(_dot_)at | Hallig Gröde ist fast gänzlich dialektfrei. __/ | http://www.hjp.at/ | -- Hannes Petersen in desd
pgpu96HUk5MdW.pgp
Description: PGP signature
_______________________________________________ Asrg mailing list Asrg(_at_)ietf(_dot_)org https://www1.ietf.org/mailman/listinfo/asrg
| Previous by Date: | Re: [Asrg] Please critique my anti-spam system, Peter J. Holzer |
|---|---|
| Next by Date: | Re: [Asrg] Please critique my anti-spam system, Seth Breidbart |
| Previous by Thread: | Re: [Asrg] Please critique my anti-spam system, Laird Breyer |
| Next by Thread: | Re: [Asrg] Please critique my anti-spam system, Laird Breyer |
| Indexes: | [Date] [Thread] [Top] [All Lists] |