Remember that we're talking about detecting spam on *outgoing* messages - any incoming messages have to be encrypted also, which is too much work for almost all most spammers, and requires them to do computation on each message (especially if you only output one outgoing message per incoming.) At 09:33 PM 10/3/00 -0400, Neil Johnson wrote:
Checking the first 20 bytes just means the spammer will just add 20 bytes of junk to the start of their message.
Spammers unfortunately, can be pretty smart, look at all the work they will do to cull addresses from newsgroups and mail lists, even looking for "mailto:fred@NOSPAM.fff.com (Remove NOSPAM to send me a message)" type addresses.
Better to have it run the message through the encryption program (PGP or Mix) somehow to see if it is a well formed (contains valid packets).
Of course that means restricting users to PGP or other standard encryption systems
(I can see it now, all SPAM will arrive starting with "------ BEGIN PGP ENCRYPTED MESSAGE ----")
Thanks! Bill Bill Stewart, bill.stewart@pobox.com PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639