> Remember that you don't want to offer anything up that could be confused
> with a "real" address, otherwise valid email from strangers trying to
> reach you would result in a false match...
>
> If that's acceptable, the easier solution is to simply go to whitelists,
> and be done with it.

From my understanding of what a white list is, it takes quite a bit of never-ending user-administration. But continuing with the idea anyway, one ought to pollute the address book as well so as not to offer up a pure list of valid addresses on a compromised box.

> Set the haystack on fire. Sift the ashes. Finding a needle in a haystack
> is no problem if you're willing to engage in a little destructive behavior;
> and spammers aren't afraid of matches.

I don't see how to implement the metaphor.

> So content-based matching? Is the whole message kept, or just
> a checksum of some sort? (If the latter, only exact matches
> apply, and spammers have already figured out how to make spam
> "unique" for each user.)

1) yes. 2) I don't know. 3) no one would need to keep recent spam - say a month's volume times the number of fictitious addresses.

> SMTP has the concept of a "temporary" error -- basically, "I can't take
> this email right now, try back in a couple of hours."
>
> So greylisting uses this. When someone sends you an email, your mail
> server takes note of who you claim to be, what your IP is, and who
> you are sending to... and then has a 'temporary error', and logs that
> information along with a timestamp.
>
> Subsequent connections are checked against this data, and once
> a certain amount of time has elapsed (say, four hours), email is
> allowed through, otherwise, there's a temporary failure again.
>
> Real email gets through -- although, with a four-hour delay the first
> time -- so once you have a relationship with someone, there's no
> problem. Strangers who are legitimately trying to contact you can
> still do so. Spammers often use tools that send in a fire-and-forget
> manner -- so they won't try back (no spam!) or they'll stay online
> long enough to be listed in an RBL (no spam!).

Cool, but it seems the RBLs are likely to get "polluted" with valid IPs, no? (Just trying to understand, not criticizing.)

Mike

--
[email protected]
http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-list
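
The greylisting decision described in the quoted text above, as an added example that is not part of the original message or of any mail server's code. The `Greylist` class, the 48-hour retry window, the 451 reply code and the sample addresses are assumptions made for illustration; only the four-hour delay comes from the thread.

```python
# Added example: greylisting decision logic over (client IP, sender, recipient).
# Names and the in-memory store are illustrative assumptions.
from dataclasses import dataclass, field

MIN_DELAY = 4 * 3600       # "say, four hours" from the thread
RETRY_WINDOW = 48 * 3600   # assumption: forget triplets not retried within 2 days

@dataclass
class Greylist:
    first_seen: dict = field(default_factory=dict)  # triplet -> time of first attempt
    passed: set = field(default_factory=set)        # triplets that completed a valid retry

    def check(self, client_ip, mail_from, rcpt_to, now):
        """Return (smtp_code, reason) for one delivery attempt at epoch time `now`."""
        triplet = (client_ip, mail_from.lower(), rcpt_to.lower())
        if triplet in self.passed:
            return 250, "known triplet"
        seen = self.first_seen.get(triplet)
        if seen is None or now - seen > RETRY_WINDOW:
            # First contact (or a stale record): log it and defer.
            self.first_seen[triplet] = now
            return 451, "greylisted, try again later"
        if now - seen < MIN_DELAY:
            # Retried too soon: temporary failure again, timer is not reset.
            return 451, "greylisted, retry too early"
        self.passed.add(triplet)
        return 250, "retry after delay accepted"

def replay(events):
    """Run constructed (time, ip, from, to) attempts through a fresh greylist."""
    gl = Greylist()
    return [gl.check(ip, frm, to, t)[0] for t, ip, frm, to in events]

# Constructed sample traffic (documentation addresses, times in seconds).
H = 3600
SAMPLE = [
    (0,     "192.0.2.10",  "alice@example.org", "mike@example.net"),  # real MTA, first try
    (0,     "203.0.113.5", "promo@example.com", "mike@example.net"),  # fire-and-forget sender
    (1 * H, "192.0.2.10",  "alice@example.org", "mike@example.net"),  # retry, too early
    (5 * H, "192.0.2.10",  "alice@example.org", "mike@example.net"),  # retry after 4h
    (6 * H, "192.0.2.10",  "alice@example.org", "mike@example.net"),  # later mail, no delay
]

if __name__ == "__main__":
    for event, code in zip(SAMPLE, replay(SAMPLE)):
        print(event[0] // H, "h", event[1], "->", code)
```

The sender that never retries only ever sees the 451, while the retrying server is delayed once and then accepted without further delay.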
