From: Micah Stetson <micah@cnm-vra.com>
To: 9fans@cse.psu.edu
Subject: Re: [9fans] re: spam filtering fs
Date: Tue, 2 Sep 2003 20:35:17 -0700 [thread overview]
Message-ID: <20030903033517.GB4670@epaphras.inhouse.cnm-vra.com> (raw)
In-Reply-To: <1a570e17207c62ffa52fda8519ef56ef@collyer.net>
On Tue, Sep 02, 2003 at 06:50:34PM -0700, Geoff Collyer wrote:
> Knocking at the gate is one thing, crashing through with a bus full of
> aggressive salesmen in loud checks and plaids is another. A scheme
> that seems to be closer to what Ron wants would be to have the sending
> system contact the receiving system and announce that user so-and-so
I wonder if a combined approach would work. Once the
receiving system gets MAIL FROM and RCPT TO from the
sending system, it checks the 'to' user's white list and,
if the sender address isn't on it, it refuses the message
(maybe delaying somewhat in doing so, i.e. tarpitting)
with a 'wait till later' error code and sticks the from
address in a grey list. It then constructs a challenge
message which is sent to the sender and asks a question
that no current computer program can answer. When that
question is answered correctly (either by e-mail to a
secondary address, i.e. user+auth-<unique-id>@domain.com,
or by filling out an HTML form or whatever), the address
is put in the user's white-list automatically and further
mail is let through.
Some difficulty comes when a user whose mail server
implements this policy tries to contact another user with
a similar anti-spam system. The best way to handle this
is to whitelist every address the user sends mail to,
however, that may be troublesome to implement in certain
situations. Perhaps it would be acceptable to give a
unique identifier to every challenge that goes out and
make it be from user+auth-<id>@domain.com. Then mail
that comes to that kind of address is checked to see if
the id matches that of a challenge sent to the from
address. Then we know that this message is either an
answer to the challenge, or another challenge. These
could be differentiated by placing an X-Challenge header
on every challenge message. Right and wrong answers
would be handled directly, and messages claiming to be
a challenge could be placed in a holding area that the
user would check periodically.
The point of this is that no modification is needed either
to the protocol or the user agent. Everything is done
on the recipient's mail server. Even if spam did get
through (i.e. the challenges aren't good enough, or the
spam is masquerading as a challenge), you know that the
sending address is a valid, reachable address. This is
certainly a win over the current system.
There are probably big problems with this, as I haven't
applied more than a few minutes of thought to it. But
it struck me as I was reading Geoff's message.
Micah
next prev parent reply other threads:[~2003-09-03 3:35 UTC|newest]
Thread overview: 55+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <1270037699@snellwilcox.com>
2003-09-01 15:45 ` steve.simon
2003-09-02 1:43 ` ron minnich
2003-09-02 1:53 ` boyd, rounin
2003-09-02 1:58 ` ron minnich
2003-09-02 2:04 ` Skip Tavakkolian
2003-09-02 2:15 ` boyd, rounin
2003-09-02 2:12 ` boyd, rounin
2003-09-02 2:00 ` boyd, rounin
2003-09-02 13:56 ` Eric Grosse
2003-09-02 16:08 ` Dan Cross
2003-09-02 21:28 ` boyd, rounin
2003-09-02 22:16 ` david presotto
2003-09-02 22:36 ` ron minnich
2003-09-03 0:59 ` Dan Cross
2003-09-03 1:50 ` Geoff Collyer
2003-09-03 3:35 ` Micah Stetson [this message]
2003-09-03 12:43 ` boyd, rounin
2003-09-03 12:41 ` boyd, rounin
2003-09-03 5:48 ` david presotto
2003-09-07 1:56 ` Dan Cross
2003-09-07 4:04 ` ron minnich
2003-09-07 5:34 ` Dan Cross
2003-09-07 8:51 ` boyd, rounin
2003-09-07 19:34 ` ron minnich
2003-09-07 12:35 ` David Presotto
2003-09-07 19:05 ` Dan Cross
2003-09-07 20:15 ` boyd, rounin
2003-09-08 2:22 ` Geoff Collyer
2003-09-08 5:21 ` Lucio De Re
2003-09-08 9:45 ` boyd, rounin
2003-09-03 12:37 ` boyd, rounin
2003-09-03 14:09 ` matt
2003-09-03 13:42 ` Russ Cox
2003-09-03 16:21 ` Dan Cross
2003-09-03 7:38 ` Fco.J.Ballesteros
2003-09-03 7:59 ` Lucio De Re
2003-09-03 8:24 ` Fco.J.Ballesteros
2003-09-03 12:03 ` boyd, rounin
2003-09-03 19:54 ` David Presotto
2003-09-03 21:26 ` boyd, rounin
2003-09-04 5:42 ` Lucio De Re
2003-09-04 6:15 ` George Michaelson
2003-09-04 6:10 ` Lucio De Re
2003-09-04 6:31 ` George Michaelson
2003-09-04 14:07 ` ron minnich
2003-09-03 14:27 ` ron minnich
2003-09-02 15:57 ` Dan Cross
2003-09-01 20:31 matt
2003-09-03 9:13 lucio
2003-09-03 10:09 ` Lyndon Nerenberg
2003-09-03 12:25 ` boyd, rounin
2003-09-04 4:57 ` Lucio De Re
2003-09-05 1:43 ` boyd, rounin
2003-09-05 1:52 ` David Presotto
2003-09-05 2:17 ` boyd, rounin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20030903033517.GB4670@epaphras.inhouse.cnm-vra.com \
--to=micah@cnm-vra.com \
--cc=9fans@cse.psu.edu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).