[ExI] Avoiding Spam
efc at disroot.org
efc at disroot.org
Wed Oct 16 13:48:46 UTC 2024
On Wed, 16 Oct 2024, Ben Zaiboc via extropy-chat wrote:
> Can anyone tell me what's wrong with this plan (I'm assuming something
> must be wrong with it, because it's such a simple idea, but I've never
> heard of it being used)?
>
> For every email account you have, you get a 'dark' twin account, the
> address of which is never published (something like
> "bensemaildark at bensdomain.etc", paired with "bensemail at bensdomain.etc".
> In fact, you don't even need to know it yourself). This means that
> nobody will ever send an email to that address - except for spammers.
> Incoming mail to both accounts is hashed, the hashes compared between
> the two accounts, and any matches indicate spam, which can be deleted
> from the 'real' account on the server, before it even gets to your local
> inbox.
>
> The only downside I can see is the extra processing needed on the mail
> server. If that seems likely to be a problem, it could be implemented
> locally, and the overhead is yours, not the providers. Spam would get
> downloaded, then immediately deleted, so at least you wouldn't see it.
>
> There might be a problem with the hash function, if spam varies
> according to the email address it goes to, but even if this is a thing,
> it's not unsurmountabe.
>
> Any thoughts?
>
> Ben
Well, if the address is never published, how would spammers send emails to
it? I don't think they generate random combinations of recipients per
domain. Usually their targets emails come from web scraping, leaked
password files (where your email is present as a login), and some times
some common guesses per domain such as "info, hello, sales" etc.
On the other hand, if you made sure that _both_ email addresses are
present in a lot of spammy places and lists, so that all spammers send
their emails to both accounts, while your friends only have _one_ account,
I could see this working somewhat, based on the condition that the
spammers do hit both accounts when they send out their messages.
Other ways I've heard about to fight spam is just white listing + an
active response required.
The idea is that everything is blacklisted except your friends. If someone
sends an email, they get an automated response along the lines of:
"Hello, I get a lot of spam, so in order to reach my white list, please
solve this simple equation and submit the result through this link."
If they do, they get white listed or you atleast get the choice of doing
it. The idea is of course that few spammers are interested enough in
adding only one email to their repository, to actually go through that
process. You could have other challenges such as "send me another email
within 4 minutes to get white listed" built on the idea that the spammers
aren't sitting and monitoring live when sending out, but sit back and
collect all the answers after their account.
Finally, I'm not so sure spam is that big of a problem. I get perhaps 1
spam message every 5 or 6 months, and I can live with that. _But_, I'm
extremely careful where I register and show my email address, so that is
probably a big contributing factor.
Best regards,
Daniel
More information about the extropy-chat
mailing list