l i n u x - u s e r s - g r o u p - o f - d a v i s
L U G O D
 
Next Meeting:
August 5: Social gathering
Next Installfest:
TBD
Latest News:
Jul. 4: July, August and September: Security, Photography and Programming for Kids
Page last updated:
2003 Jun 25 18:49

The following is an archive of a post made to our 'vox mailing list' by one of its subscribers.

Report this post as spam:

(Enter your email address)
Re: [vox] Re: spam control: send email to confirm
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [vox] Re: spam control: send email to confirm



On Wed, Jun 25, 2003 at 03:37:44PM -0700, Sam Peterson wrote:
> > Something which wouldn't prevent this abuse (but could make it less
> > effective), would be to keep a temporary record of confirmation
> > requests sent out recently, and not resend them to the same address
> > for a given period.
> 
> The above website I believe has just such a safe guard, but I still
> think that's a horribly ineffective defense.

But what would you recommend as replacement? You pointed out that the
deluge of confirmation e-mails were a PITA; but imagine if that site
had *not* used any confirmation (all too frequent, still, these days),
then your friend would instead have received a potentially *much*
huger quantity of mail. And they would not have stopped
coming. Well-executed mail-bombs have that behavior; your friend
should thank his/her lucky stars that the attacker was apparently a
moron.

Remember that it's almost as easy to write a Perl script to
auot-submit to 50 separate sites, each with a different mailing list,
as to auto-submit to a single site with 50 mailing lists; so the fact
that all those lists were at one spot doesn't really perturb me.

But there really isn't any other way I can think of to confirm e-mails
reliably.

> > A's system doesn't necessarily have to be too terribly smart for this
> > to work: especially if the confirm bots standardize on procedure.
> > 
> > The common e-mail confirmation request expects some random string in
> > the Subject line or the message body. So if confirmation bots make a
> > habit of including the subject line and original message, similar to
> > what most mail readers do when you hit the "Reply" button, then we
> > should be okay.
> 
> One hopes :-).  I view autoresponses in general as basically evil.

Yeah, I'm not sure about how I feel in using them for auto-spam
confirmations. They are an absolute necessity for mailing lists though
(as explained above).

-Micah
_______________________________________________
vox mailing list
vox@lists.lugod.org
http://lists.lugod.org/mailman/listinfo/vox



LinkedIn
LUGOD Group on LinkedIn
Sign up for LUGOD event announcements
Your email address:
facebook
LUGOD Group on Facebook
'Like' LUGOD on Facebook:

Hosting provided by:
Sunset Systems
Sunset Systems offers preconfigured Linux systems, remote system administration and custom software development.

LUGOD: Linux Users' Group of Davis
PO Box 2082, Davis, CA 95617
Contact Us

LUGOD is a 501(c)7 non-profit organization
based in Davis, California
and serving the Sacramento area.
"Linux" is a trademark of Linus Torvalds.

Sponsored in part by:
EDGE Tech Corp.
For donating some give-aways for our meetings.