Re: anti-spam software for home use
From: Alan Connor (zzzzzz_at_xxx.yyy)
Date: Mon, 08 Mar 2004 15:42:10 GMT
On Mon, 8 Mar 2004 01:44:00 -0600, *Vanguard* <firstname.lastname@example.org> wrote:
> "Alan Connor" said in
>> I posted a *mock* RFC a long time ago, an attempt at arriving at some
>> standards for the use of C-Rs in internet mail, but know of no actual
>> RFC on the subject.
>> It wasn't really an impressive article, frankly. If you want to work
>> on another one I'd be happy to chip in.
> I found a draft at
> http://www.ietf.org/internet-drafts/draft-irtf-asrg-cri-00.txt. It
> never does adequately the currently unintelligent mechanisms for
> addressing the challenge which results in sending "challenge spam" to
> innocents who had nothing to do with sending the original spam.
That problem was solved long ago.
The site is WAY out of date.
Apparently you didn't even read the description of an effective mail filter
using C/Rs that you claimed to summarize.
Here's another opportunity
pass-list ---------> block-list (content-filter) ---------> Challenge-Response
Along with many others, I use a filter designed like the above:
I never see any spam.
I send out very few C-Rs.
I don't have to mess with my filter at all.
Spam is just gone from my life, no muss and no fuss.
The only complaint I have ever had was from a domain that turned
out to be on the dnsbl (dns blacklist) for spamming.
Anyone can reach me with no muss or fuss if they use their real return
(In some ways, Challenge-Responses are like Caller-ID for phones: Someone
who wants to communicate with you must use their real return address, and
actually read the mail there.)
On the rare occasion that I send a C-R to an innocent party (I have to
assume that this has happened at least once.) whose address has been forged,
then I have done them the favor of letting them know that it is being forged,
which can cause a person one hell of a lot of trouble.
They have my real address and are told in the C-R that I have a copy
of the headers of the post if they need it.
Like I said: ONE complaint, ever, and from spammers.
C-Rs are only one stage, and the final stage, of an effective mail filter
that is designed like so:
Where every friend, associate, commercial mailing list, discussion
mailing list, business, and non-profit org is given free access
to my inbox with my consent.
Anyone you send mail to must be passlisted.
This is where you make SURE you get all the mail you REALLY need
to get, or just want.
General, to kill most of the spam. You can use SpamAssassin here
called by procmail. Or just use good procmail recipes.
And specific, where domains and addresses are killed for various
offenses, generally repeated C-Rs that aren't returned.
(Do remember to blocklist your own address, or some clown will
send mail to you with your own address on the From: line and
set up a mail loop.)
You just can't catch all the spam with a content-filter like
SpamAssassin. If you even try, you will end up losing mail
that isn't spam, and getting some spam anyway. And you have
to update your filters all the time to keep abreast of the
(As well as save the spam to look through to make sure there
isn't any mail you want in there, which rather defeats the
whole purpose of a spam filter, in my opinion. I don't want
to ever see that garbage.)
Better to just kill the mail you KNOW is spam, and send a
C-R to the few that your content filter isn't sure about.
Most people that use these filters block any mail from
non-passlisted addresses that doesn't have a valid local
address alone on the To: line.
This kills, of itself, the vast majority of spam, so that
no un-necessary C-Rs are sent out to whatever address
they have chosen to present as their return address.
A little note that asks the receiver to paste a password on the
Subject: line and return it.
The Subject line on the C-R should have Re: original subject
This forces people to use their actual email address if they want
me to see their posts.
(And to read their mail...)
This is only required once. From then on, it's as if there is no
filter on my mail from their perspective.
-- 
Pass-List -----> Block-List ----> Challenge-Response
The key to taking control of your mailbox.
http://www.uwasa.fi/~ts/info/spamfoil.html
http://tinyurl.com/3c3ag
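
The pass-list, block-list, challenge-response ordering described in the post above, as an added Python example that is not part of the original post and is not the poster's own filter (the post names procmail and SpamAssassin). Every address, the keyword list, the HMAC-derived password and the function names are assumptions made for illustration.

```python
import hashlib
import hmac
from email import message_from_string
from email.utils import getaddresses, parseaddr

# Every address, key and keyword here is constructed for the example.
MY_ADDRESS = "me@example.org"
PASS_LIST = {"friend@example.net"}
BLOCK_LIST = {MY_ADDRESS, "spammer@bad.example"}  # own address: stops forged-From mail loops
SPAM_WORDS = ("lottery", "mortgage rates")        # stand-in for SpamAssassin/procmail recipes
SECRET = b"constructed-demo-key"


def password_for(sender):
    """Password the challenge asks this sender to paste on the Subject: line."""
    return hmac.new(SECRET, sender.encode(), hashlib.sha256).hexdigest()[:10]


def classify(raw):
    """Return (action, detail); action is 'deliver', 'drop' or 'challenge'."""
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    subject = msg.get("Subject", "")
    body = str(msg.get_payload())
    # Stage 1: pass-list. Known correspondents skip every other check.
    if sender in PASS_LIST:
        return "deliver", "pass-list"
    # Stage 2a: specific block-list of addresses (assumed to run before the password check).
    if not sender or sender in BLOCK_LIST:
        return "drop", "block-list"
    # A returned challenge with the right password passlists the sender from then on.
    if password_for(sender) in subject:
        PASS_LIST.add(sender)
        return "deliver", "challenge answered"
    # Stage 2b: general content filter, killing only what is certainly spam.
    text = (subject + " " + body).lower()
    if any(word in text for word in SPAM_WORDS):
        return "drop", "content filter"
    # Stage 2c: a valid local address must be alone on the To: line.
    recipients = [addr.lower() for _, addr in getaddresses(msg.get_all("To", []))]
    if recipients != [MY_ADDRESS]:
        return "drop", "To: line"
    # Stage 3: challenge-response, sent only for mail that survived stage 2.
    return "challenge", {
        "To": sender,
        "Subject": "Re: " + subject,
        "Body": "Paste this password on the Subject: line and return: " + password_for(sender),
    }
```

Because the drop stages run before stage 3, a challenge is generated only for mail the earlier stages could not decide, which is what keeps the number of challenges sent to forged return addresses low.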