'Stopping SPAM [OT]'
I've been thinking about the SPAM thing allot lately and I've had an idea
that I'd like to get some feedback on.
If I run an email server (I do, a free ware windows server, but I could run
a Linux one in the future and I could find a Linux one with C source and I
could modify a C program to add minor new features) and I made it check the
name (not the address) of the recipient (me) to verify that it contained a
short key on the end that is generated from the senders email and IP address
(a checksum perhaps), and automatically replied to email that did not have
this key (or did not have the correct key) with a message having a reply to
address that was my email with a name that had the correct key for that
sender added to it and that ask the sender if they really intended to
contact me and included a short description of who I am and what I'm
interested in then a legit email user or a merchant who had products I might
be interested in could just hit the reply key or resend the original email
with this new name, and the message would make it through my email server.
Wasn't that a great run on sentence? Is everyone completely confused? Ok...
emails can have a recipient name as well as a recipient email address. The
name is optional and arbitrary. I can calculated a check sum from the
senders email address and IP address. If that check sum is not at the end of
my name on an email sent to me, I can generate a reply email that says
"I've recieved this email from you but you don't seem to have my name
correctly entered so I'm not sure that you really intended to contact me. I
James Newton DK8d8as < geocities.com > jamesnewton
San Diego, CA 92027
I was born in Orange County CA, raised in Williams, OR and attended Hidden
Valley High School and Rogue Community College. I worked in Grants Pass,
Greensborough and Portland OR.
I was in the Navy for 7 years trained in Memphis TN, was stationed at NAS NI
and was an Avionics Tech for SH-60B Seahawk helecopters with the HSL-49 "Wee
-Bee" det during the Gulf War.
I'm interested in .... Yada, yada, yada.
If you really wanted to contact me, just hit reply or change my name in your
address book to the correct one listed above and resend your message."
Now, If they are legit, and I am the James Newton they wanted, they hit
reply and my server sees the check sum that matches sent-by email address
and IP and it sends the message through to me. Next time, they use their
address book and I get the message right away.
If they are a spammer, A) there isn't a reply to address so it goes right in
the dump or to the spamcop people B) the reply to address is a fake, so it
bounces and same result C) in the unlikely event that there is in fact a
reply to address that accepts my email one of three things happens 1) it
autoreplys and adds me to the known good email addresses so I get the SPAM
after all or 2) it doesn't respond itself but sells or sends my email
address to another group who then send me an email (from a different email
and IP address) and I don't get the SPAM or 3) somebody actually reads my
mini-bio and decides that I do or don't fit the customer profile and then
says "what the heck" and sends me the email anyway so I get the SPAM.
The idea really depends on C not happening doesn't it? But, there are some
1. I can track exactly who gave my email to the SPAMmer cause the first
email will have his checksum in it. (in some cases, two or more senders
could have the same checksum but that is unlikely)
2. I can block all future emails from that checksum no matter who the sender
is. Currently, the "add this to the junk senders list" is ineffective as
each SPAM comes from a new address.
3. The impact on legit senders is minimal. Friends can send me, for example,
a copy of a SPAM they got with their funny comment and a SPAM filter won't
kill it. I won't miss an important email from a client because some brain
dead SPAM filter miss-fired. The worst part is that people who I didn't send
an introductory email to (with the right check sum for them) will have to
read my auto reply and hit reply to sender the first time they contact me.
I also thought about modifying an email server so that it just checks for
reply to addresses and maybe pings the reply to server or sends a confirming
email and waits for it to not bounce before oking the original email.
Your suggestions and thoughts are appreciated.
James Newton wrote:
>I've been thinking about the SPAM thing allot lately and I've had an idea
>that I'd like to get some feedback on.
Sounds like a neat idea!
In addition to assigning keys for "could be" spammers, how about keeping a
database of "approved of" email and IP addresses that can send you email
without a key? That way you could add all of your friends and clients right
away and not even bother them with the "do you really want to email me?"
message (unless you want them to use a key so you know who the culprit was
if your address gets into the hands of spammers).
Well..only problem with storing IP addys as approval is that some IPs are
dynamic, meaning they change everytime the person reconnects. There are a few
people on the list that have static IPs (myself included) which could be
added. Otherwise, the whole SPAM prevention idea is a good one!
In a message dated 2/20/00 6:34:05 AM Pacific Standard Time, WEBSTER.ORGKen
> Sounds like a neat idea!
> In addition to assigning keys for "could be" spammers, how about keeping a
> database of "approved of" email and IP addresses that can send you email
> without a key? That way you could add all of your friends and clients
> away and not even bother them with the "do you really want to email me?"
> message (unless you want them to use a key so you know who the culprit was
> if your address gets into the hands of spammers).
More... (looser matching)
- Last day of these posts
- In 2000
, 2001 only
- New search...