____________________________________________________________________ Beware gentle knight, there is no greater monster than reason. Miguel de Cervantes The Armadillo Group ,::////;::-. James Choate Austin, Tx /:'///// ``::>/|/ ravage@ssz.com www.ssz.com .', |||| `/( e\ 512-451-7087 -====~~mm-'`-```-mm --'- -------------------------------------------------------------------- ---------- Forwarded message ---------- Date: Thu, 29 Mar 2001 17:34:57 -0500 From: Marcus Watts <mdw@umich.edu> To: coderpunks@toad.com Subject: Re: Wholsalers America-Its Time To Make Some Real Money Various have written:
mkb:
seems feasible to me to keep out a lot of the spam while still allowing anonymous posters to contribute.
spiff:
see here:
oi.
i was thinking of it more from a technical standpoint than a political one. a few simple filters would stop a lot of the spam without much impact on anonymous posters. for example, don't allow messages that don't list coderpunks@toad.com on the To or Cc headers.
"coderpunks@toad.com" would match To: fields of 26 of the last 60 spam messages. No hits in cc: - guess it's not so popular in spam. There's also "resent-to" and "resent-cc", and of course bcc (and how do you spot that?...) Of course, anything to "Undisclosed.recipients@toad.com" is pretty glaring. To be really effective, a spam filter has to look for less obvious "spam signatures" that aren't so easily spoofed. For instance, there was once a spam package that sent out date fields that looked like: Date: 1/6/99 9:17:27 AM Pacific Daylight Time (and since when has PDT applied in january?) Authors of real mail programs have to worry about y2k considerations, international users, and other considerations that never bother spammers. I've got "a few simple filters" on all mail I receive (actually, more than a few these days), including that from coderpunks. Until these last 2 flurries of spam, I thought I was doing pretty good. I did catch a few, but it was like 10%--pathetic. Now I understand (from the URL above) why my filters lost it big-time - apparently I'm filtering the spam that's already been through "a few simple filters" upstream of me. It looks like I'll be doing a lot more content based spam filtering. I've already got 3 of them going... I don't know what toad.com says [if anything] when it bounces spam, but I bounce spam with a bible quote. Last thing I want to tell the spammer is how to get around the filter. I hope instead they'll pull my address from their list as "undeliverable". Unfortunately, I also bounce the occasional legitimate mail with a bible quote - them's the breaks. I hate to think this might all be due to some silly dispute with an ISP -- things ought not to get to that point. One random thought: I wonder if we've created any of this problem ourselves? For instance, if any of us has an automated script that sends a spam complaint off to the "responsible parties", it's possible those scripts have decided it's toad.com's fault the spam got sent, and fired an inflamatory message off to verio... I know I don't do this (I no longer get mad, I get even. My filters protect 20,000 mailboxes...), but perhaps others of us?
i'm sorry to be filling up the list with anti-spam talk rather than crypto talk. i did try to contact the moderator directly.
Me to (well, except I didn't try to contact the moderator--which is um, don't we have more than one?, um...) That's the problem - both when the spam overwhelms legitimate content, and when talk turns to dealing with the problem. I had proposed the "few simple filters" approach on the list a long long while back--wish it had been done sooner so the spammers wouldn't have had quite so many CD-roms out with coderpunks@ on it. The latest round of bounces had me seriously wondering about just was happening (had space aliens swapped the brains of Spamford and Gilmore?) A more "interesting" way to do the "simple filter" approach (and one that might actually have some real relevance to the purpose of this list!) might be something that actually uses cryptography. For instance, one solution might be to have a web server that supplies a cryptographic "token", good for one mailing through the mailing list. Simply cut & paste somewhere in the body of the message, and the mail list software could remove the token before delivery. It can even be anonymous (web server hands it out to anyone) - the idea here isn't actually to secure or authenticate the content, but simply to put an obstacle that prevents automated scripts, regular mmf spammers and the usual lot of scum from actually posting anything to the list. If mail missing the token is delivered to the moderator(s) even mail missing the magic token could be forwarded if it were relevant, although I don't think the moderators would want to encourage this as a matter of habit. -Marcus