Re: Look at these update from M$ Corporation.
> From firstname.lastname@example.org Sat Aug 2 13:17:11 2003
> On Sat, 02 Aug 2003, Alan Connor wrote:
> > > It seems to me, if you can automate C-R, then spammers can too. Or do y=
> ou have to verify that your a 'legitimate organization' to some sort of cer=
> tificate authority to get the software? That is the last thing anyone wants.
> > The argument to the X-CR header is a password. A unique password to the
> > transaction.
> So, basically, we probably have a well formed message with one
> non-expected word...
> Nope, I could never figure out a way around that, if I was so inclined.
> I am a tad puzzled at the all-or-nothing attitude in this discussion. =20
> Wouldn't it be better to combine a C-R system with a system that checks=20
> malformed headers, a system that uses regexp's to check the spaminess of
> a message, and a system that uses bayes filtering to check email?
> Imagine the following system:
> Email starts the filtering process:
> Are any headers horribly screwed up? If so, keep copy for local
> retrieval, and send a C-R.
> Parse through regexps and a bayes filter. If the email has a high=20
> degree of spamminess, send a C-R and keep a copy for local retrieval.
> If the email is borderline, sort into a seperate folder to check. If
> the email does not seem to be spam, sort normally.
> Once the possible spams have been checked, send a C-R to any that were
> This system has the nice advantage of trying, as hard as it can, to make
> sure I don't lose a legitimate email. The C-R does not interfere with
> any email I would have normally checked - instead, it adds an added
> layer of safety.
> Hmmm, perhaps I'll impliment that one day. :) Right now, my spam
> problem doesn't bother me though, a quick 30 second scan each morning
> and I'm done. :) False positives and false negetives approach 0.
> ~ Jesse Meyer
Doesn't sound like a bad system, Jesse, but it is not a pure CR program,
which is what I'm about here.
Not sure what you mean by all or nothing. I don't lose any mail I want to
see . If the headers were badly screwed up then its gone (I have been
monitoring my logs for a long time, and never seen a case where badly screwed
up headers were anything but spam or harrasment.)
If they used a false address, then they don't get the auto-response.
If they don't think talking to me is worth resending 1 mail 1 time, then
I don't want them to have access to my mailbox.
I don't read ANY of the above mail. It goes straight to /dev/null
What a lot of people don't understand, is that CR programs protect THEM.
With a regular spamblocking program, anyone can use YOUR address and cause
How wwould you like it if someone sent kiddie porn to a thousand people and
used your address in the From, From: Reply-To: and Return-Path: headers ???
This happens, with a thousand variations, ALL the time.
With a CR system, a person wouldn't even see the mail, and when YOU received
the CR you would know something was wrong and contact the person who sent
the CR to you. If they are like me, they save the headers of mail that doesn't
come from anyone on their passlist, and you could then have a copy of them
for your records. You could then contact the ISPs on the headers and get their
abuse hounds on the track, and leave a public record that proves your innocence.
If no one was using a CR program on that list, you might never know something
was wrong until the cops showed up with a search warrant and the local media
in tow. That sort of thing can wreck your marriage and your career, even if
you eventually prove your innocence...
See? There is more to CR/MSP than meets the eye :-)
For Linux/Bash users: Eliminate spam with the Mailbox-Sentry-Program.
See: http://tinyurl.com/inpd for the scripts and docs.