[extropy-chat] About SPAM again

Alan Eliasen eliasen at mindspring.com
Fri Jan 23 03:35:11 UTC 2004


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


> Robert replied:
>>Microsoft (and others?) have a proposal (the Penny Black
>>project) out that
>>would force unsolicited incoming emails to consume something
>>like 10 seconds
>>of CPU time on the sender CPU before they are accepted.  I
>>think this might
>>be problematic for managers of large mailing lists.

Emlyn O'regan wrote:
> Horrible solution, for the reason you've just suggested. Email's broadcast
> mechanisms are useful.

   Naw.  Just have a white-list.  Mail from friends, cow-orkers, or the
extropy-chat list goes through unchecked.  Your spam filter can be configured
to allow or disallow anything it wants.  And it probably isn't prohibitive for
a list server to generate even a rather expensive hash value the *first* time
it needs to contact you, (new people are added to most legitimate mail lists
rather infrequently) if you subsequently whitelist it and don't require the
hash afterwards.

   My spam filters are pretty smart, and can learn for themselves.  It's
already learned that this "Emlyn O'Regan" is a wonderful person and has
automatically white-listed you.  On the other hand, it wasn't yet sure about
this "Karen Rand Smigrodzki" that I just received e-mail from for the first
time, so it hasn't whitelisted her yet, but it may soon.  Here's how it works:

   http://wiki.spamassassin.org/w/AutoWhitelist

   It's neat, because then my friends can still send me messages containing
the name of those medications that spammers hock, and they still get through.

   Most of this will probably be transparent in the next generation of e-mail
tools, just as my spam filters are largely transparent already.

   If it's from somebody you've never heard of, you (or your mail server,
which is a better place if someone's dictionary-attacking you) can challenge
it and require a hash to be generated.  You could even escalate the challenge
if the incoming mail sets off your Bayesian filters.  (That is, if it has
known spammer topics in the message.)

> Anyway, how do you define unsolicited email at that level?

   I guess anyone I've never heard from before, or, say, from a list I didn't
approve is "unsolicited."  That, of course, causes potential problems early on
in the adoption process if people don't have hashcash-aware mail clients.  But
that's okay.  I can still do what I'm doing now and filter questionable
e-mails into a box that I check less often.

- --
  Alan Eliasen                 | "You cannot reason a person out of a
  eliasen at mindspring.com       |  position he did not reason himself
  http://futureboy.homeip.net/ |  into in the first place."
                               |     --Jonathan Swift
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (MingW32)

iD8DBQFAEJZt5IGEtbBWdrERAtIRAJ9S59rWe4cOdVF1YfpcYYyfRROU6ACgtY0b
PB11vqd/CAUTg3qBKP8grkM=
=AgSy
-----END PGP SIGNATURE-----



More information about the extropy-chat mailing list