[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Spam in the lists out of control

On Tue, May 11, 2004 at 01:36:51PM +0200, Wouter Verhelst scribbled:
> On Tue, May 11, 2004 at 10:49:47AM +0200, Bartosz Fenski aka fEnIo wrote:
> > > There is a tool that does a very good job for keeping spam
> > > away from your box if you're willing to put some effort in configuring it
> > > (I'm not using it personally, but my boss is - with a great success) -
> > > http://www.tmda.net/
> > 
> > That looks interesting. Thanks for pointing it out to me.
> tmda challenge-response is not an effective solution against spam. There
I beg to differ. Read below.

> are a few reasons:
> * When a spammer sends you a mail, the autoresponse you send out will
>   effectively spam other people. You're saying "I don't like to be
>   spammed, so I'm spamming you instead". That's annoying, at best.
It's actually pretty effective but, I agree, not really friendly.

> * Many people (me included, but there are certainly more) do not bother
>   to jump through hoops for the amazing privilege to communicate with a
>   complete stranger. Requiring people to do so will indeed get you rid
>   of all your spam, but it will include a fair amount of legitimate
>   mail, too.
It's not the way you think it works. The challenge is not (doesn't have to
be, at least) sent to every email. We have set it up so that only mails
with 10.0 < score > 1.0 are challenged. Besides, tmda has several other nice
things - like addresses timing out after some time, addresses available only
for certain posters (for example for your bank statements, credit card
reports etc.) and a few other nice features. You can tune it so that the
unfriendly effect is as minimized as possible. What you mention as a
problem, the fake sender addresses, are really a problem but, selfishly, I'd
rather ignore that issue. All in all, spam is a complex issue not easily
solvable if we'd like to do it using standard protocols, I guess... In the
ideal world everybody would sign their mail with signatures we could trust.
Let's imagine that the mailing list people are subscribed to signs the
mails with its own key but only those mails which are signed by their
subscribed users with their known pgp/gpg keys (yes, it's sort of similar to
closing the list and I realize what the pros/cons of that are) and the
unsigned mails are challenged by the mailing list software and posted only
if the sender certifies that the mail is legit. Pain in the neck, but it
might work, I guess. The same goes with the personal mail - mails signed
with known signatures are passed through, those signed with unknown
signatures are challenged but treated as 'probably legit', those unsigned
are treated as spam. But, again, that would be in ideal world :) Just some
ramblings, really



Attachment: signature.asc
Description: Digital signature

Reply to: