Post by thread:Stopping SPAM [OT]

I've been thinking about the SPAM thing allot lately and I've had an idea that I'd like to get some feedback on. If I run an email server (I do, a free ware windows server, but I could run a Linux one in the future and I could find a Linux one with C source and I could modify a C program to add minor new features) and I made it check the name (not the address) of the recipient (me) to verify that it contained a short key on the end that is generated from the senders email and IP address (a checksum perhaps), and automatically replied to email that did not have this key (or did not have the correct key) with a message having a reply to address that was my email with a name that had the correct key for that sender added to it and that ask the sender if they really intended to contact me and included a short description of who I am and what I'm interested in then a legit email user or a merchant who had products I might be interested in could just hit the reply key or resend the original email with this new name, and the message would make it through my email server. Wasn't that a great run on sentence? Is everyone completely confused? Ok... emails can have a recipient name as well as a recipient email address. The name is optional and arbitrary. I can calculated a check sum from the senders email address and IP address. If that check sum is not at the end of my name on an email sent to me, I can generate a reply email that says something like: "I've recieved this email from you but you don't seem to have my name correctly entered so I'm not sure that you really intended to contact me. I am: James Newton DK8d8as < spam_OUTjamesnewtonTakeThisOuTgeocities.com > San Diego, CA 92027 1-619-652-0593 I was born in Orange County CA, raised in Williams, OR and attended Hidden Valley High School and Rogue Community College. I worked in Grants Pass, Greensborough and Portland OR. I was in the Navy for 7 years trained in Memphis TN, was stationed at NAS NI and was an Avionics Tech for SH-60B Seahawk helecopters with the HSL-49 "Wee -Bee" det during the Gulf War. I'm interested in .... Yada, yada, yada. If you really wanted to contact me, just hit reply or change my name in your address book to the correct one listed above and resend your message." Now, If they are legit, and I am the James Newton they wanted, they hit reply and my server sees the check sum that matches sent-by email address and IP and it sends the message through to me. Next time, they use their address book and I get the message right away. If they are a spammer, A) there isn't a reply to address so it goes right in the dump or to the spamcop people B) the reply to address is a fake, so it bounces and same result C) in the unlikely event that there is in fact a reply to address that accepts my email one of three things happens 1) it autoreplys and adds me to the known good email addresses so I get the SPAM after all or 2) it doesn't respond itself but sells or sends my email address to another group who then send me an email (from a different email and IP address) and I don't get the SPAM or 3) somebody actually reads my mini-bio and decides that I do or don't fit the customer profile and then says "what the heck" and sends me the email anyway so I get the SPAM. The idea really depends on C not happening doesn't it? But, there are some interesting points. 1. I can track exactly who gave my email to the SPAMmer cause the first email will have his checksum in it. (in some cases, two or more senders could have the same checksum but that is unlikely) 2. I can block all future emails from that checksum no matter who the sender is. Currently, the "add this to the junk senders list" is ineffective as each SPAM comes from a new address. 3. The impact on legit senders is minimal. Friends can send me, for example, a copy of a SPAM they got with their funny comment and a SPAM filter won't kill it. I won't miss an important email from a client because some brain dead SPAM filter miss-fired. The worst part is that people who I didn't send an introductory email to (with the right check sum for them) will have to read my auto reply and hit reply to sender the first time they contact me. I also thought about modifying an email server so that it just checks for reply to addresses and maybe pings the reply to server or sends a confirming email and waits for it to not bounce before oking the original email. Your suggestions and thoughts are appreciated. James Newton .....jamesnewtonKILLspam@spam@geocities.com 1-619-652-0593 phone