From mboxrd@z Thu Jan 1 00:00:00 1970
Message-Id: <200309030059.h830xQj23628@augusta.math.psu.edu>
To: 9fans@cse.psu.edu
Subject: Re: [9fans] re: spam filtering fs
In-Reply-To: Your message of "Tue, 02 Sep 2003 16:36:27 MDT."
From: Dan Cross
Date: Tue, 2 Sep 2003 20:59:26 -0400
Topicbox-Message-UUID: 2a95cf28-eacc-11e9-9e20-41e7f4b1d025

Dave writes:
> What smime (and pgp) can achieve is digital signing so that spammers
> can't masquerade with From:'s of people in your white list.

So does having an X-header that has a token in it. One easy way around
the harvesting-from-a-mailing-list-archive thing is doing something
S/Key-ish: The first time you send an email to someone, send the token
sha'ed 100,000 times. The next time, send it sha'ed 99,999 times, etc.
Both sides keep track of the token and the current sequence number.

Or, and even simpler, take the token and sha it with the contents of
the message. The token itself doesn't show up in any archives anywhere,
and the scheme is immune to problems with bounces getting sequence
numbers out of whack, and you get some modicum of integrity checking on
the message itself.

A way around the client problem is to build it into the MTA (but the
MTAs on both sides have to support it).

Ron writes:
> yeah but ... I don't even want the data coming into my machine. Is that
> covered too? I really want to get these spammers rejected instantly, which
> is why i liked the file system idea.

I think we've lost that battle. Some knocking at the castle gates is
always going to happen nowadays. :-(

	- Dan C.
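
Added example, not part of the original message or thread: a Python version of both token schemes described above, showing the counted token falling out of step after a bounce while the message-bound token needs no counter and rejects an altered body. SHA-256 and HMAC stand in for the bare "sha" in the message (HMAC being the standard way to hash a secret together with data); the secret, the chain length of 1,000, the sample message and all function names are assumptions made for the illustration.

```python
import hashlib
import hmac

def chain_token(secret: bytes, n: int) -> str:
    """Counting scheme: the shared token hashed n times."""
    digest = secret
    for _ in range(n):
        digest = hashlib.sha256(digest).digest()
    return digest.hex()

class ChainReceiver:
    """Receiver that knows the token and the count it expects next."""
    def __init__(self, secret: bytes, start: int):
        self.secret, self.expected = secret, start

    def accept(self, token: str) -> bool:
        ok = hmac.compare_digest(token, chain_token(self.secret, self.expected))
        if ok:
            self.expected -= 1  # each count is valid once; an archived token goes stale
        return ok

def message_token(secret: bytes, body: bytes) -> str:
    """Stateless scheme: keyed hash of the token and the message body."""
    return hmac.new(secret, body, hashlib.sha256).hexdigest()

def verify_message(secret: bytes, body: bytes, token: str) -> bool:
    return hmac.compare_digest(token, message_token(secret, body))

def demo() -> dict:
    secret = b"constructed-shared-token"  # constructed sample value
    start = 1000  # assumption: the message uses 100,000; shortened to run quickly
    rx = ChainReceiver(secret, start)
    first = chain_token(secret, start)
    out = {"first_accepted": rx.accept(first),
           "stale_token_rejected": not rx.accept(first)}
    # The sender's second mail (count start-1) bounces, so the sender moves on
    # to start-2 while the receiver still expects start-1: the two are out of step.
    out["after_bounce_rejected"] = not rx.accept(chain_token(secret, start - 2))
    body = b"Subject: lunch\n\nNoon on Thursday?\n"  # constructed sample message
    tok = message_token(secret, body)
    out["message_accepted"] = verify_message(secret, body, tok)
    out["altered_body_rejected"] = not verify_message(secret, body + b"Buy now!\n", tok)
    return out

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

A message-bound token stays valid for that exact body, so a receiver that also wants to refuse verbatim resends has to remember which tokens it has already seen.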