From mboxrd@z Thu Jan 1 00:00:00 1970 Message-ID: <005f01c371df$0e59d5c0$2c9ce541@bl.belllabs.com> From: "david presotto" To: <9fans@cse.psu.edu> References: <200309030059.h830xQj23628@augusta.math.psu.edu> Subject: Re: [9fans] re: spam filtering fs MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit Date: Wed, 3 Sep 2003 01:48:45 -0400 Topicbox-Message-UUID: 2ae4e13a-eacc-11e9-9e20-41e7f4b1d025 I'ld rather not have to keep a secret and a counter for everyone I want to exchange mail with. Messages get lost and reordered so at the very least I need to accept some range of possible sha1ings. I also want to accept mail from people I haven't talked to before but have proved to someone else that they aren't spammers. I'm happier with the /mail idea than this one. ----- Original Message ----- From: "Dan Cross" To: <9fans@cse.psu.edu> Sent: Tuesday, September 02, 2003 8:59 PM Subject: Re: [9fans] re: spam filtering fs > Dave writes: > > What smime (and pgp) can achieve is digital signing so that spammers > > can't masquerade with From:'s of people in your white list. > > So does having an X-header that has a token in it. One easy way around > the harvesting-from-a-mailing-list-archive thing is doing something > S/Key-ish: The first time you send an email to someone, send the token > sha'ed 100,000 times. The next time, send it sha'ed 99,999 times, > etc. Both sides keep track of the token and the current sequence > number. Or, and even simpler, take the token and sha it with the > contents of the message. The token itself doesn't show up in any > archives anywhere, and the scheme is immune to problems with bounces > getting sequence numbers out of whack, and you get some modicum of > integrity checking on the message itself. A way around the client > problem is to build it into the MTA (but the MTA's on both sides have > to support it). > > Ron writes: > > yeah but ... I don't even want the data coming into my machine. Is that > > covered too? I really want to get these spammers rejected instantly, which > > is why i liked the file system idea. > > I think we've lost that battle. Some knocking at the castle gates > is always going to happen now days. :-( > > - Dan C. > >