[ExI] Avoiding Spam

efc at disroot.org efc at disroot.org
Wed Oct 16 13:48:46 UTC 2024



On Wed, 16 Oct 2024, Ben Zaiboc via extropy-chat wrote:

> Can anyone tell me what's wrong with this plan (I'm assuming something 
> must be wrong with it, because it's such a simple idea, but I've never 
> heard of it being used)?
>
> For every email account you have, you get a 'dark' twin account, the 
> address of which is never published (something like 
> "bensemaildark at bensdomain.etc", paired with "bensemail at bensdomain.etc". 
> In fact, you don't even need to know it yourself).  This means that 
> nobody will ever send an email to that address - except for spammers.  
> Incoming mail to both accounts is hashed, the hashes compared between 
> the two accounts, and any matches indicate spam, which can be deleted 
> from the 'real' account on the server, before it even gets to your local 
> inbox.
>
> The only downside I can see is the extra processing needed on the mail 
> server.  If that seems likely to be a problem, it could be implemented 
> locally, and the overhead is yours, not the providers. Spam would get 
> downloaded, then immediately deleted, so at least you wouldn't see it.
>
> There might be a problem with the hash function, if spam varies 
> according to the email address it goes to, but even if this is a thing, 
> it's not unsurmountabe.
>
> Any thoughts?
>
> Ben

Well, if the address is never published, how would spammers send emails to 
it? I don't think they generate random combinations of recipients per 
domain. Usually their targets emails come from web scraping, leaked 
password files (where your email is present as a login), and some times 
some common guesses per domain such as "info, hello, sales" etc.

On the other hand, if you made sure that _both_ email addresses are 
present in a lot of spammy places and lists, so that all spammers send 
their emails to both accounts, while your friends only have _one_ account, 
I could see this working somewhat, based on the condition that the 
spammers do hit both accounts when they send out their messages.

Other ways I've heard about to fight spam is just white listing + an 
active response required.

The idea is that everything is blacklisted except your friends. If someone 
sends an email, they get an automated response along the lines of:

"Hello, I get a lot of spam, so in order to reach my white list, please 
solve this simple equation and submit the result through this link."

If they do, they get white listed or you atleast get the choice of doing 
it. The idea is of course that few spammers are interested enough in 
adding only one email to their repository, to actually go through that 
process. You could have other challenges such as "send me another email 
within 4 minutes to get white listed" built on the idea that the spammers 
aren't sitting and monitoring live when sending out, but sit back and 
collect all the answers after their account.

Finally, I'm not so sure spam is that big of a problem. I get perhaps 1 
spam message every 5 or 6 months, and I can live with that. _But_, I'm 
extremely careful where I register and show my email address, so that is 
probably a big contributing factor.

Best regards,
Daniel


More information about the extropy-chat mailing list