Linux Users' Group of Davis (LUGOD)
 
Page last updated:
2003 Jun 25 13:09

The following is an archive of a post made to our 'vox mailing list' by one of its subscribers.

Re: [vox] spam control: send email to confirm



On Mon, Jun 23, 2003 at 11:32:01AM -0700, Peter Jay Salzman wrote:
> http://hr.uoregon.edu/davidrl/confirm/
[...]
> when someone sends you an email for the first time, they have to send a
> confirmation email to verify they're not a spammer.

On Mon, Jun 23, 2003 at 11:58:14AM -0700, Rod Roark wrote:
> Well, what it should do is require a reply that only a
> human could easily produce.  For example ask them to
> reply with a word depicted in a graphic image.
> 
> Of course most businesses would never implement a reply-to-
> confirm scheme, out of fear they would lose a potential
> customer.

Rod,

  A vast majority of the 100% real spam with no useful purpose does not
have a valid source email address, in that the forged headers will go
to someone that is not really there.  Even without wetware
comprehension tricks, simply verifying that the sender really exists
and will acknowledge a test message would be very effective.  Only the
small portion of spam from real companies/people would be left, and
those are easy to blacklist.


All,

  One minor problem is this kind of system in wide deployment could be
used as a DDOS on a particular person... spam a batch of thousands of 
people who you know have a system like this, forge some target's real 
email address as the sender, suddenly that one person has thousands of
junk email messages saying "confirm me" in their inbox.


  Another minor problem is if two people both have a similar system
in operation they may not ever see each other's email... because
===
person A sends a real email to person B,
person B's auto-system sends a "confirm you exist first" email to person A,
person A's auto-system sends a "confirm you exist first" email to person B,
  [hopefully deadlock, worst case mail loop between two auto-systems]
===

... if person A's auto-system is very smart and does whatever B's
auto-system is asking for in the contents of its "confirm you exist"
message then A's original mail would get through.

  I don't think spam is a simple problem.

-- 
GPG key: http://simons-clan.com/~msimons/gpg/msimons.asc
Fingerprint: 524D A726 77CB 62C9 4D56  8109 E10C 249F B7FA ACBE

Attachment: pgp00010.pgp
Description: PGP signature
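
The two-auto-system case described in the message above, as an added example that is not part of the original post: a toy simulation in which both sides run a confirm-first filter, once naively and once with two loop guards (whitelisting addresses you have written to, and never challenging machine-generated mail). The `Mailbox` class, the `auto` flag (standing in for a header that marks automatic replies) and the example.org addresses are assumptions made for illustration.

```python
class Mailbox:
    """One user's confirm-before-delivery filter (toy model, not a real MTA)."""

    def __init__(self, addr, hardened):
        self.addr, self.hardened = addr, hardened
        self.whitelist = set()  # senders whose mail is delivered directly
        self.inbox = []         # mail the human actually sees
        self.held = []          # mail waiting for the sender to confirm

    def send(self, net, to, body):
        if self.hardened:
            # We wrote first, so mail coming back from this address is expected.
            self.whitelist.add(to)
        net.append({"from": self.addr, "to": to, "body": body, "auto": False})

    def receive(self, net, msg):
        if msg["from"] in self.whitelist:
            self.inbox.append(msg)
            return
        self.held.append(msg)
        if self.hardened and msg["auto"]:
            return  # never challenge a machine-generated message
        net.append({"from": self.addr, "to": msg["from"],
                    "body": "confirm you exist first", "auto": True})


def exchange(hardened, max_hops=20):
    """A mails B; both run the filter. Returns (hops, A saw challenge, hit cap)."""
    net = []  # in-flight messages, delivered in order
    a = Mailbox("a@example.org", hardened)  # constructed sample addresses
    b = Mailbox("b@example.org", hardened)
    boxes = {a.addr: a, b.addr: b}
    a.send(net, b.addr, "hello, real mail")
    hops = 0
    while net and hops < max_hops:
        msg = net.pop(0)
        boxes[msg["to"]].receive(net, msg)
        hops += 1
    saw_challenge = any(m["auto"] for m in a.inbox)
    return hops, saw_challenge, bool(net)


if __name__ == "__main__":
    print("naive:   ", exchange(hardened=False))
    print("hardened:", exchange(hardened=True))
```

In the naive run the challenges bounce until the hop cap is reached and neither human ever sees anything; in the hardened run B's challenge lands in A's inbox after two hops, so A can confirm and the original mail can be released.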


