Challenge-Response Mail Filters, (was: <snip>)
on 15.05.2005 06:22:44 by Alan Connor
On comp.mail.misc, in
<410cb016$0$31040$ee9da40f@news.wanadoo.nl>, "Frank Slootweg"
wrote:
> Alan Connor
>
>> Newsgroups: ... ,alt.os.linux,comp.os.linux.misc
>
> Who was it again who whined about people not following
> Netiquette?
Cross-posting is not a violation of the Netiquette, fool.
It's a built-in feature of NNTP.
>
>> On 31 Jul 2004 13:50:18 GMT, Frank Slootweg
>>
>> > Or some idiot decided that (starting) to use a C/R system
>> > is a smart thing to do. Nah, you're right, can't happen!
>>
>> Funny. "Idiots" that use C/R systems are the only people on
>> the planet that don't have a spam problem.
>
> False.
>
No, it's perfectly true, and you know it.
Which is why they drive you crazy.
The design of an effective spam filter using Challenge-Responses
----------------------------------------------------------------
Why would anyone want such a filter? Because these are the only
filters that spammers and trolls cannot beat: They reject
anonymous mail.
This is why you see so much anti-Challenge-Response material
on the Usenet and the Web.
----------------------------------------------------------------
PASS-LIST --> BLOCK-LIST (content-filter) --> CHALLENGE-RESPONSE
Along with many others, I use a filter designed like the above:
I never see any spam.
I send out very few C-Rs.
I don't have to mess with my filter at all. (Except to add
and subtract addresses from my passlist, which takes about
5 minutes a week.)
No one I want to hear from has any problems reaching me.
Spam and trollmail is just gone from my life, no muss and no
fuss.
The only complaint I have ever had was from a domain that turned
out to be on the dnsbl (dns blacklist) for spamming.
Anyone can reach me with no problem if they use their real return
address. And read their mail...
In some ways, Challenge-Responses are like Caller-ID for
phones: Someone who wants to communicate with you must use their
real return address, and actually read the mail there.
The mail must be from someone who wants to establish a *two-way*
communications link with you, not from someone who just wants you
to buy something (or read abusive language or see pornography...)
(Note that I subscribe, by *choice*, to many commercial mailing
lists.)
On the rare occasion that I send a C-R to an innocent party
(I have to assume that this has happened at least once.) whose
address has been forged, then I have done them the favor of
letting them know that it is being forged, which can cause a
person one hell of a lot of trouble.
They have my real address and are told in the C-R that I have
a copy of the mail if they need it. (These mails are sent
to a quarantine directory, and not seen unless the C-R is
returned. After N [configurable] days they are deleted unseen if
the C-R is not returned.)
Like I said: ONE complaint, ever, and from spammers. (few use
their real return address, and this outfit insisted that *their*
un-solicited commercial email wasn't really spam. Right.)
C-Rs are only one stage, and the final stage, of an effective
mail filter that is designed like so:
PASSLIST
Where every friend, associate, commercial mailing list,
discussion mailing list, business, and non-profit org is
given free access to my inbox with my consent.
This is where you make SURE you get all the mail you
REALLY need to get, or just want.
Anyone you send mail to must be passlisted.
BLOCKLIST (Content-Filter)
General: to kill most of the spam. You can use
SpamAssassin here, called by procmail, or just good,
simple, procmail recipes.
Specific: where domains and addresses are killed for
various offenses, generally repeated C-Rs that aren't
returned.
(Do remember to blocklist your own address, or some clown
will send mail to you with your own address on the From:
line and set up a mail loop.)
You just can't catch all the spam with a content-filter
like SpamAssassin. If you even try, you will end up
losing mail that isn't spam, and getting some spam
anyway. And you have to update your filters all the time
to keep abreast of the spammers.
(As well as save the spam to look through to make sure
there isn't any mail you want in there, which rather
defeats the whole purpose of a spam filter, in my
opinion. I don't want to ever see that garbage.)
Better to just kill the mail you KNOW is spam, and send a
C-R to the few that your content filter isn't sure about.
Most people that use these filters block any mail from
non-passlisted addresses that doesn't have a valid local
address alone on the To: line.
This kills, of itself, the vast majority of spam, so that
no un-necessary C-Rs are sent out to whatever address
they have chosen to present as their return address.
If mail is received from an address twice that fails to
return a C-R, that address is blocklisted automatically,
and any further mail from that address is sent to
/dev/null.
You can use one of the common content-filters here, like
procmail or spamassassin or mailfilter. Just tune it so
that it only kills obvious spam.
Contrary to what the spammers and trolls would have you
believe, spammers take great pains to avoid using the
addresses of innocent third parties, because to do so
would bring a lot of heat on them. You have only to
reply to a sampling of the spam you get by email to
discover that these replies almost always bounce.
CHALLENGE-RESPONSE
An auto-response that sends a little note that asks the
receiver to paste a password on the Subject: line and
return it.
The Subject line on the C-R should have Re: original
subject on it.
This forces people to use their actual email address if
they want me to see their mails.
(And to read their mail...)
This is only required once. From then on, it's as if
there is no filter on my mail from their perspective.
----------------------------------------------------------------
AC
--
alanconnor AT earthlink DOT net
Use your real return address or I'll never know you
even tried to mail me. http://tinyurl.com/2t5kp
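
The three-stage pipeline described in the post above (pass-list, block-list, challenge-response with a quarantine), sketched as an added example that is not part of the original post or the poster's own filter. The class name `CRFilter`, the address `me@example.org`, the 7-day value for N and the random token format are assumptions, and "blocklisted after two unreturned C-Rs" is one reading of the post's rule.

```python
import secrets
from dataclasses import dataclass, field

MY_ADDRESS = "me@example.org"   # assumed local address (placeholder)
QUARANTINE_DAYS = 7             # the post's configurable N; 7 is an assumption
MAX_UNANSWERED = 2              # unreturned C-Rs before automatic blocklisting

@dataclass
class CRFilter:
    passlist: set = field(default_factory=set)
    blocklist: set = field(default_factory=lambda: {MY_ADDRESS})  # own address
    unanswered: dict = field(default_factory=dict)  # sender -> unreturned C-Rs
    quarantine: dict = field(default_factory=dict)  # token -> (sender, day held)

    def classify(self, sender, to_addrs, obvious_spam, today):
        """Return (action, token) for one message; From: is taken at face value."""
        sender = sender.lower()
        if sender in self.passlist:                     # stage 1: pass-list
            return "deliver", None
        if sender in self.blocklist or obvious_spam:    # stage 2: block-list
            return "drop", None
        if [a.lower() for a in to_addrs] != [MY_ADDRESS]:
            return "drop", None                         # local address not alone on To:
        token = secrets.token_hex(8)                    # stage 3: challenge
        self.quarantine[token] = (sender, today)
        return "challenge", token

    def response(self, sender, subject):
        """Release held mail when the token comes back on the Subject: line."""
        sender = sender.lower()
        released = [t for t, (s, _) in self.quarantine.items()
                    if s == sender and t in subject]
        for token in released:
            del self.quarantine[token]
        if released:
            self.passlist.add(sender)                   # challenged only once
        return "deliver" if released else "ignore"

    def expire(self, today):
        """Delete unanswered mail after N days; blocklist repeat non-responders."""
        for token, (sender, held) in list(self.quarantine.items()):
            if today - held >= QUARANTINE_DAYS:
                del self.quarantine[token]
                count = self.unanswered[sender] = self.unanswered.get(sender, 0) + 1
                if count >= MAX_UNANSWERED:
                    self.blocklist.add(sender)
```

Days are plain integers so the expiry logic can be exercised without a clock; a real deployment would call `expire` from a scheduled job.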