On Mon, Jan 29, 2007 at 11:23:50AM -0500, jonc wrote: > Excellent point, but then we have a known Mailserver that is spewing > fake-mail. You can either drop all mail from this server - or examine > the digital key header for all email coming from this server and drop > the fake ones.
We have that today, to 99.99% certainty anyway: anything on a reputable DUL (e.g. not SORBS). > If we run server-to-server traffic on a different protocol (also > suggested earlier) we can actually leave the suspect mail on the suspect > server and not download/accept the email until we have verified the > authenticity of each email. > > This leaves the spammers server bunched up with his *own* spam... :-) This really doesn't do much. The spammer stores 1 copy, a huge list of addresses, and the PRNG seed for the message-mutator (or he hashes the address and a per-message salt to get the seed and saves 4 bytes per address). This is where any "make the spammer have to store every spam he sends" anti-spam method breaks down. -- TriLUG mailing list : http://www.trilug.org/mailman/listinfo/trilug TriLUG Organizational FAQ : http://trilug.org/faq/ TriLUG Member Services FAQ : http://members.trilug.org/services_faq/
