On 5/18/05, Stewart Stremler <[EMAIL PROTECTED]> wrote:
> begin quoting m ike as of Wed, May 18, 2005 at 02:52:51PM -0700:
> > > How do you offer 'em up?
> >
> > I guess by making them vulnerable in the same way valid addresses are
> > vulnerable.
>
> Remember that you don't want to offer anything up that could be confused
> with a "real" address, otherwise valid email from strangers trying to
> reach you would result in a false match...
>
> If that's acceptable, the easier solution is to simply go to whitelists,
> and be done with it.
>

Yes!

> > And I guess that there are people who have studied the approaches that
> > spammers take to get addresses.
>
> Web-pages, usenet, compromised boxes, and purchased lists.
>
> > > "Honeypot" is the name of the generic concept.
> [snip]
> > ... but
> > I thought that a honeypot was an intentionally weak spot in a security
> > system,
>
> I think of a honeypot as something so sweet and tasty so as to get the
> target to do something unwise.
>
> > whereas the spam tactic is more a needle-in-the-haystack approach, where
> > one intentionally pollutes namespace so that the valid addresses become
> > needles and the spammer has to spam the entire haystack in order to reach
> > the needle.
>
> Set the haystack on fire. Sift the ashes. Finding a needle in a haystack
> is no problem if you're willing to engage in a little destructive behavior;
> and spammers aren't afraid of matches.
>
> > > How do you choose to ignore the spammers?
> > > Filter on the sender's email address?
> > > Block the IP of the sender?
> >
> > If similar content is received at fictitious addresses, then it
> > is spam.
>
> So content-based matching? Is the whole message kept, or just
> a checksum of some sort? (If the latter, only exact matches
> apply, and spammers have already figured out how to make spam
> "unique" for each user.)
>
> > > I like the idea of greylisting
> > >
> > I'm not sure what greylisting is
>
> SMTP has the concept of a "temporary" error -- basically, "I can't take
> this email right now, try back in a couple of hours."
>
> So greylisting uses this. When someone sends you an email, your mail
> server takes note of who you claim to be, what your IP is, and who
> you are sending to... and then has a 'temporary error', and logs that
> information along with a timestamp.
>
> Subsequent connections are checked against this data, and once
> a certain amount of time has elapsed (say, four hours), email is
> allowed through, otherwise, there's a temporary failure again.
>
> Real email gets through -- although, with a four-hour delay the first
> time -- so once you have a relationship with someone, there's no
> problem. Strangers who are legitimately trying to contact you can
> still do so. Spammers often use tools that send in a fire-and-forget
> manner -- so they won't try back (no spam!) or they'll stay online
> long enough to be listed in an RBL (no spam!).
>
> -Stewart "In concept, it's brilliant, simple, and elegant." Stremler
>

Wow. As much as I don't like "contorting" protocols, that's certainly
acceptable behavior, and does have good effects on some concrete problems.
Very simple too......if I'm not cool enough for you to wait a few
hours....then you're not worth my time.

T

--
[email protected]
http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-list
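
The greylisting decision described in the quoted explanation above, as an added sketch that is not part of the original thread and not any mail server's own code: the server keys on the (client IP, sender, recipient) triplet, answers the first attempt with a temporary failure, and accepts once the four-hour delay has passed. The two-day retry window, the reply codes chosen (451 to defer, 250 to accept), the case-folding of addresses and all sample addresses are assumptions.

```python
# Added example: greylisting keyed on (client IP, envelope sender, recipient).
DELAY = 4 * 3600           # "say, four hours", as in the post
RETRY_WINDOW = 2 * 86400   # assumption: a triplet not retried in 2 days starts over

class Greylist:
    def __init__(self, delay=DELAY, retry_window=RETRY_WINDOW):
        self.delay = delay
        self.retry_window = retry_window
        self.pending = {}    # triplet -> time of first deferred attempt
        self.passed = set()  # triplets that have already waited out the delay

    def check(self, client_ip, mail_from, rcpt_to, now):
        """Return the SMTP reply code for one delivery attempt at time `now` (s)."""
        # Addresses are case-folded for simplicity (an assumption of this sketch).
        key = (client_ip, mail_from.lower(), rcpt_to.lower())
        if key in self.passed:
            return 250                      # established relationship
        first = self.pending.get(key)
        if first is None or now - first > self.retry_window:
            self.pending[key] = now         # new (or stale) triplet: log and defer
            return 451
        if now - first < self.delay:
            return 451                      # retried too early: defer again
        del self.pending[key]
        self.passed.add(key)
        return 250                          # waited long enough: accept

# Constructed attempts: (seconds since start, client IP, MAIL FROM, RCPT TO)
SAMPLE = [
    (0,     "192.0.2.10",   "alice@example.org", "bob@example.net"),  # real MTA
    (100,   "198.51.100.7", "x1@example.com",    "bob@example.net"),  # fire-and-forget
    (900,   "192.0.2.10",   "alice@example.org", "bob@example.net"),  # early retry
    (14460, "192.0.2.10",   "alice@example.org", "bob@example.net"),  # retry after 4 h
    (18000, "192.0.2.10",   "Alice@Example.org", "bob@example.net"),  # later mail
    (18000, "198.51.100.7", "x2@example.com",    "bob@example.net"),  # new forged sender
]

def replay(attempts):
    """Feed attempts through a fresh Greylist and return the reply codes."""
    gl = Greylist()
    return [gl.check(ip, frm, to, t) for t, ip, frm, to in attempts]

if __name__ == "__main__":
    for attempt, code in zip(SAMPLE, replay(SAMPLE)):
        print(code, *attempt)
```

The last sample row shows why a sender that changes its forged address on each run never builds up history: every new triplet starts the delay again.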
