[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Anti-Spam ideas for usenet/list harvested email addresses



> But my goal was to reduce the spam I get that is harvested from mailing
> lists. If someone wants to subscribe to a mailing list that doesn't do
> reverse dns, then there needs to be authentication before DATA on some
> other bit of information. I could still get posts from the guy in Brazil
> or the guy using SMTP off of his cable modem DHCP'd address because they
> would be mailing the list, not me. The list is mailing me.

Hm, that's right, indeed.

> > Make the list server PGP-sign the messages, maybe? You install the list
> > server key once, and never worry about it again?
> 
> If some small PGP/GPG data could be sent as part of a new EHLO syntax
> command then OK, otherwise I'm in the DATA section again. It would have to
> be a standard before I'd use that.

You want to reject the mail before it's queued. I like the idea, but that's
more difficult to implement...

I wonder how many MTAs would let you do this:

- set up a mail for lists only
- set up terribly-aggressive blocking with DNSBLs and other things (like
  requiring the reverse DNS), *only for that address*. Other addresses
  would not go through such restrictive tests.

> The latest churn on debian-user about Spam hasn't been UCE spam. It's been
> worm spam. I don't know anyone personally who likes to recieve WORM/Virus
> code in their inbox but it persists. I don't see a near-term solution for
> convincing the individuals who write this code.

Right, I forgot about that.

Anyway... Blocking servers wouldn't help in the case of viruses, I think. 
Ordinary people get viruses, and the mail is sent through their (probably 
correctly configured) smarthost. Maybe something like Postfix
header_checks? But that would also require some work :-(

J.



Reply to: