From mboxrd@z Thu Jan 1 00:00:00 1970 Message-ID: <006b01c37199$1912bfe0$b9844051@insultant.net> From: "boyd, rounin" To: <9fans@cse.psu.edu> References: <200309021608.h82G8Wj21273@augusta.math.psu.edu> Subject: Re: [9fans] re: spam filtering fs MIME-Version: 1.0 Content-Type: text/plain; charset="Windows-1252" Content-Transfer-Encoding: 7bit Date: Tue, 2 Sep 2003 23:28:05 +0200 Topicbox-Message-UUID: 2a1d3770-eacc-11e9-9e20-41e7f4b1d025 > A way to exchange tokens: instead of doing it via email, generate an > image for an unknown user, put it on a public web server somewhere, and > send them a URL. Once they get there, have them send back a > description of the image and then send them a token. i like this idea but if you stick the token as an X-* (with every message) field it's next to impossible (or i don't know how to do it) to get Outlook and maybe other UAs to a) insert the token and b) insert it. other problem is whether the token is on a per recipient basis. it just can't be done with Outlook. however, if you give out a unique token to people you like Outlook can then apply a rule if it's in the body (say signature) of the message. i know it's susceptible to 'man in the middle' attacks, but it sure would kill a lotta spam. oh shit, it's also harvestable from mailing lists that are archived. in fact you can just mail people 'make sure this token is in your sig or mail from you will be spam killed'. the 'image' in this case is the content of the message sent to you. you wanna try this out, dan?