
Re: Anti-Spam ideas for usenet/list harvested email addresses



Arnt Karlsen said:
> On Tue, 23 Sep 2003 22:06:19 -0600,
> Jacob Anawalt <jacob@cachevalley.com> wrote in message
> <3F71183B.70506@cachevalley.com>:
>
>> Arnt Karlsen wrote:
>>
>> >On Tue, 23 Sep 2003 13:16:38 -0600 (MDT),
>> >"Jacob Anawalt" <jacob@cachevalley.com> wrote in message
>> ><1141.192.168.1.4.1064344598.squirrel@scsi-burn.office>:
>> >
>> >
>> >
>> >>Compare this to the "dog chasing cars" method of inventing a new
>> >>filter rule that looks through the MIME data to decide if this is
>> >>the latest worm you don't want or the kissing picture that you do.
>> >>Sure it's cool to be a geek and figure out the rules. If you like
>> >>doing this, do it.
>> >>
>> >..another option is "blow up the road": http://www.ordb.org/submit/
>>
>> I laughed at this at first, taking it as a "Jacob, this is about as
>> dumb an idea as blowing up the road to your house", but then after
>> seeing the link was to their open relay form, I was stumped.
>>
>> Do you mind shedding some more light on this for me if you were not
>> trying to be light hearted? Thanks.
>
> ..why spoil the fun? ;-)  Spam etc needs relaying "roads" to travel
> to your box.  ORDB also accepts email reports rather than this, uh,
> "massive" web form, and I would think mailfilter or fetchmail or
> somesuch can be a workable source for a mailto pipe.

Doesn't some spam come directly from an individual running SMTP from their
box to yours? I'm pretty sure this is the case for the W32/Swen@MM's email
spreading methods.

>
> ..a third idea is to "first check if the same spam relay has been
> reported by someone else", ORDB has a 200 host report cap, and
> reporting the same box half a bazillion times a day would just DOS
> ORDB, which is not quite what we wanna do.  ;-)
>

A bitter irony is that we aren't using anything like ORDB to stop email
because other users don't trust it to not block email they want to get.
They heard stories about occasional blockings of places like AOL, and they
have friends set on using those ISPs.

I'm going to try the suggestions I've seen on the list by running S/A on
one domain. Maybe I can show the other users that it will be OK to use RBL
filtering of email. I like the ideas I've read on having S/A trigger
firewall rules for obvious spam.

Still I'd like to find some better way of sharing my email address without
feeling obligated to process all email sent to me in full. If there is a
good way of doing this, it would help not just my situation but also users
who like to post to lists and usenet but have no control over how their
ISP handles email and who have limited bandwidth or quotas on their
traffic. If many of these users were all on the same mail system, that
mail server would benefit by not processing the DATA of list/usenet
trolled spam/worm SMTP traffic.

Maybe rotating email addresses is the only way. That puts almost all of
the burden of spam prevention on my end without any special hoops for
others to jump through and once I close an account the SMTP server gets to
reject at the RCPT TO: stage.

Someone looking at an old message and trying to use the old email to
contact me would get a bounce. Hopefully I could minimize even this
inconvenience by having an overlap of some reasonable time frame between
opening the new account and closing the old one, and I forward all email
from the old to the new until the old is closed.

Maybe I could even coordinate OpenPGP sub keys used to sign my
correspondence to expire on some interval, and my .sig could say "If the
public subkey for this digital signature is revoked or expired, I've
changed email addresses."

Any rants on how inconvenient those methods would be if they wanted to be
nice enough to email me? :)

Next month's news: "A new email worm that attacks only users of OpenPGP
key servers by pulling down their public keys and emailing all their
identities." *sigh*

I'll keep trying things and if I get some more mail server side wild
(possibly bad) ideas, I'll post it to the debian-isp list.


-- 
Jacob
Trying out SquirrelMail
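
An added example, not part of the original message: a sketch of the per-recipient decision a mail server could make at the RCPT TO stage under the rotation-with-overlap scheme described above, so that mail to a closed address is refused before any DATA is transferred. The schedule, addresses and function names are hypothetical and constructed for illustration.

```python
from datetime import date

# Constructed rotation schedule: (address, opened, closed).
# closed=None means the address has no closing date yet.
SCHEDULE = [
    ("jacob-2003q2@example.org", date(2003, 4, 1), date(2003, 8, 1)),
    ("jacob-2003q3@example.org", date(2003, 7, 1), date(2003, 11, 1)),
    ("jacob-2003q4@example.org", date(2003, 10, 1), None),
]


def current_address(today):
    """Return the most recently opened address that is live on `today`."""
    live = [(opened, addr) for addr, opened, closed in SCHEDULE
            if opened <= today and (closed is None or today < closed)]
    return max(live)[1] if live else None


def rcpt_decision(rcpt, today):
    """Decide one RCPT TO command: (smtp_code, action, deliver_to).

    550 is returned before DATA, so the body of mail sent to a closed
    or unknown address is never received or processed.
    """
    rcpt = rcpt.strip().strip("<>").lower()
    for addr, opened, closed in SCHEDULE:
        if addr != rcpt:
            continue
        if today < opened:
            break  # not yet published: treat like an unknown recipient
        if closed is not None and today >= closed:
            return (550, "reject", None)  # rotated out
        newest = current_address(today)
        if newest != addr:
            # Overlap window: old address still open, forward to the new one.
            return (250, "forward", newest)
        return (250, "deliver", addr)
    return (550, "reject", None)


if __name__ == "__main__":
    day = date(2003, 10, 15)
    for r in ("<jacob-2003q2@example.org>", "<jacob-2003q3@example.org>",
              "<jacob-2003q4@example.org>", "<nobody@example.org>"):
        print(r, rcpt_decision(r, day))
```
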