On Tue, 3 Jan 2017 19:11:35 +0800 Rob Gunther wrote:

> The other day I was thinking it would be cool if you could detect
> legitimate replies to mail I send.
>
> Everyone gets spam with subjects like this:
>
> Re: some type of trash subject
>
> Obviously those are not replies to a message you sent.
>
> That got me thinking of ways to authenticate a legitimate reply to a
> message I sent.
>
> I came up with a concept called 'Authenticated Reply Detection'.
>
> It uses the Message-ID header to encode some information when a
> message goes out - no database or saving of Message-ID is required.
>
> If/When a reply comes back the details from Message-ID come back in
> the 'In-Reply-To' header. If validated the message is guaranteed to
> be a reply to a message I sent, and spamassassin could adjust scoring
> accordingly.

In practice all you need to do is use a different domain or sub-domain in the Message-ID, one that's never used in email addresses. Unless you are a large service provider it's unlikely to be abused, and you can turn it off in seconds if it becomes a problem.
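
The scheme discussed in this thread, as an added example that is not part of the original messages: the outgoing Message-ID carries a timestamp, a nonce and a truncated HMAC under a dedicated Message-ID domain, and the In-Reply-To value of incoming mail is checked without any stored state. The HMAC construction, the field layout, the key, the domain `msgid.example.org`, the 90-day window and the function names are assumptions of this example; neither message specifies them, and a single msg-id in In-Reply-To is assumed.

```python
import hashlib
import hmac
import secrets
import time

# Constructed values for this example: a per-site secret and a Message-ID
# domain that is never used in real addresses (the reply's suggestion).
SECRET = b"constructed-example-key"
MSGID_DOMAIN = "msgid.example.org"
MAX_AGE = 90 * 24 * 3600  # assumed window in which replies are accepted


def _tag(timestamp: str, nonce: str) -> str:
    """Truncated HMAC-SHA256 over the fields carried in the Message-ID."""
    mac = hmac.new(SECRET, f"{timestamp}.{nonce}".encode(), hashlib.sha256)
    return mac.hexdigest()[:20]


def make_message_id(now=None) -> str:
    """Build an outgoing Message-ID: <hex-time.nonce.tag@domain>."""
    ts = format(int(time.time() if now is None else now), "x")
    nonce = secrets.token_hex(6)
    return f"<{ts}.{nonce}.{_tag(ts, nonce)}@{MSGID_DOMAIN}>"


def is_authenticated_reply(in_reply_to: str, now=None) -> bool:
    """True if an In-Reply-To value carries a Message-ID we issued."""
    now = time.time() if now is None else now
    value = in_reply_to.strip()
    if not (value.isascii() and value.startswith("<") and value.endswith(">")):
        return False
    local, sep, domain = value[1:-1].rpartition("@")
    if not sep or domain.lower() != MSGID_DOMAIN:
        return False
    parts = local.split(".")
    if len(parts) != 3:
        return False
    ts, nonce, tag = parts
    # Constant-time comparison so the tag cannot be guessed byte by byte.
    if not hmac.compare_digest(tag, _tag(ts, nonce)):
        return False
    try:
        age = now - int(ts, 16)
    except ValueError:
        return False
    return 0 <= age <= MAX_AGE
```

A Message-ID is visible to every recipient and in list archives, so a valid tag shows only that the ID was issued by this site within the window. That is a reason to use the result as a score adjustment rather than a whitelist.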