
The following is an archive of a post made to our 'vox mailing list' by one of its subscribers.

[vox] Re: spam control: send email to confirm

On Wednesday, Jun 25 2003, Micah J. Cowan spake thus:
> On Wed, Jun 25, 2003 at 03:37:44PM -0700, Sam Peterson wrote:
> > > Something which wouldn't prevent this abuse (but could make it less
> > > effective), would be to keep a temporary record of confirmation
> > > requests sent out recently, and not resend them to the same address
> > > for a given period.
> > 
> > The above website I believe has just such a safeguard, but I still
> > think that's a horribly ineffective defense.
> But what would you recommend as replacement?

I don't have any recommendations, I don't know how to implement a
better defense given the email system :-).  This mechanism is
effective for one user.  However, in the volume bombing idea I
mentioned, it can't guard against having multiple users at the same
site bombed, which is what I was stating is the problem.  One user
being bombed this way is no big deal, several 100 to several 1000
email addresses in one firm however, ouch...

Unlikely, but ouch.

> You pointed out that the deluge of confirmation e-mails were a PITA;
> but imagine if that site had *not* used any confirmation (all too
> frequent, still, these days), then your friend would instead have
> received a potentially *much* huger quantity of mail.

I agree confirmations are a good thing, they're meant to already
circumvent a much more evil mail bomb.

> Remember that it's almost as easy to write a Perl script to
> auto-submit to 50 separate sites, each with a different mailing list,
> as to auto-submit to a single site with 50 mailing lists; so the fact
> that all those lists were at one spot doesn't really perturb me.

Saves lots of time in gathering a bunch of mailing lists though :-).

> But there really isn't any other way I can think of to confirm
> e-mails reliably.

PGP/GPG but that's way too complicated a bag-o-worms to open up for
mailing list subscriptions.

> > > A's system doesn't necessarily have to be too terribly smart for this
> > > to work: especially if the confirm bots standardize on procedure.
> > > 
> > > The common e-mail confirmation request expects some random string in
> > > the Subject line or the message body. So if confirmation bots make a
> > > habit of including the subject line and original message, similar to
> > > what most mail readers do when you hit the "Reply" button, then we
> > > should be okay.
> > 
> > One hopes :-).  I view autoresponses in general as basically evil.
> Yeah, I'm not sure about how I feel in using them for auto-spam
> confirmations. They are an absolute necessity for mailing lists though
> (as explained above).


| sam -- Programmer I                                                |
| University of California, Davis : Hart Interdisciplinary Programs  |
| GPG Fingerprint: 4F08 E33E 92A2 EA88 CE75  75DC D84C 6046 0240 515F|
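
Added example, not part of the original post or of any list software: a sketch of the "temporary record of confirmation requests" discussed in the thread, extended beyond what the thread proposes with a per-domain cap for the case of many addresses at one site. The class name, function names and limit values are assumptions chosen for illustration.

```python
import time
from collections import defaultdict, deque


class ConfirmationThrottle:
    """Decides whether a list server may send a confirmation request."""

    def __init__(self, address_cooldown=86400, domain_limit=20,
                 domain_window=3600, clock=time.time):
        self.address_cooldown = address_cooldown  # seconds between mails to one address
        self.domain_limit = domain_limit          # max mails per domain per window
        self.domain_window = domain_window        # window length in seconds
        self.clock = clock                        # injectable so tests can control time
        self._last_sent = {}                      # address -> time of last request
        self._domain_sent = defaultdict(deque)    # domain -> times of recent requests

    @staticmethod
    def _split(address):
        # Lowercase the whole address so case variants share one throttle key.
        local, sep, domain = address.strip().lower().rpartition("@")
        if not sep or not local or not domain:
            raise ValueError("not an e-mail address: %r" % address)
        return local + "@" + domain, domain

    def check(self, address):
        """Return (allowed, reason) and record the request if allowed."""
        key, domain = self._split(address)
        now = self.clock()
        # The record is temporary: forget addresses whose cooldown has passed.
        for old in [a for a, t in self._last_sent.items()
                    if now - t >= self.address_cooldown]:
            del self._last_sent[old]
        if key in self._last_sent:
            return False, "address-cooldown"
        recent = self._domain_sent[domain]
        while recent and now - recent[0] >= self.domain_window:
            recent.popleft()
        if len(recent) >= self.domain_limit:
            return False, "domain-limit"
        self._last_sent[key] = now
        recent.append(now)
        return True, "send"


def replay(requests, **limits):
    """Run constructed (time, address) pairs through a throttle; return the reasons."""
    now = [0]
    throttle = ConfirmationThrottle(clock=lambda: now[0], **limits)
    reasons = []
    for when, address in requests:
        now[0] = when
        reasons.append(throttle.check(address)[1])
    return reasons
```

A cap sized for a single firm would also throttle legitimate signups from large shared mail providers, so the per-domain limit needs tuning per deployment.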