Re: More problems with Debian and list SPAM
On Sun, 17 Feb 2002 04:08, Reagan Blundell wrote:
> > Hmm, either me or you didn't get the point here. What I was pointing
> > at is that whitelist filtering may be easily bypassed if the email
> > addresses on the whitelist are spread all over the web.
> >
> > Just google for some message that appeared on a debian list, take the
> > sender address and use it as the fake sender of your spam.
>
> And just how many spammers do you think would know enough
> about how the debian mailing list spam filters would be set
> up, and also have the motivation to spend the effort to do that?
Some spammers are already doing such things. It's a very small minority at
the moment.
Even when spammers start doing this more often it will make things more
difficult for spammers, as they need to use an address that's still
subscribed (an address that was subscribed 4 years ago probably won't work).
Also we could add extra intelligence later on. For example there is mailing
list software that will send back a message asking the user to confirm the
message if posting from an unknown address. That could be extended to have
the server send back a request for confirmation when they see a known address
with an IP address that hasn't been used before (default option to enable the
entire class C for that email address). Then any IP address that you hadn't
sent mail from for a period of two months would be removed from your entry in
the database.
Such things would make it VERY difficult for spammers while providing little
extra work for legitimate users.
--
http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/ Postal SMTP/POP benchmark
http://www.coker.com.au/projects.html Projects I am working on
http://www.coker.com.au/~russell/ My home page
Reply to: