On Tue, 16 Jul 2002 18:55:52 -0400 Jay R Ashworth <jra@baylink.com> wrote:

On Tue, Jul 16, 2002 at 10:58:00AM -0700, Chuq Von Rospach wrote:

Automatically verifying PGP sigs as a whitelisting technique is merely one approach that springs to mind. There are many more.

Nothing prevents SPAMmers from creating endless addresses and GPG keys which they register with the various key servers, and they will once that barrier becomes popular enough to notice.

Yeah, but the Outhouse and OE teams aren't ever going there, and they're your problem.

No, they're merely the most visible manifestation. Address collection by MUAs is not new, and most of the other big Windows MUAs either do it as well, or can be relied upon adding that feature in the next 18 months.

Do you have documentary evidence, Chuq, that web harversters are the *only* way that *a majority* of the spam-complainers addresses could have gotten on those lists? Have you created test-accounts? Not 1 or 2; a couple dozen, in different places?

I've created a set of addresses on Kanga.Nu which pipe direct into razor-report. Those addresses are __ONLY__ visible on the relevant web pages. Each of them gets an average of 10 SPAM a day -- and those addresses are less than 6 months old.

-- J C Lawrence
---------(*) Satan, oscillate my metallic sonatas. claw@kanga.nu He lived as a devil, eh?
http://www.kanga.nu/~claw/ Evil is a name of a foeman, as I live.