Tanstaafl writes:
> On 2012-11-13 1:52 AM, Mark Sapiro <mark@msapiro.net> wrote:
>> If I knew how to tell if a header was spoofed, I could do that, but I don't know how to tell; do you?
> Maybe an alternative would be an option that for every message posted to the list, a confirmation email is sent to the member's email address, that they then have to click a link to 'approve' sending the message, just like how subscribes/unsubscribes have to be confirmed.
We already have various challenge-response mechanisms (eg TMDA). They're widely hated even more than spam (eg, I simply drop those correspondents on the floor and add their CR addresses to my killfile in case of inadvertent CCs).
I think the best practical algorithm would look something like the following:
- In the double opt-in process require an email confirmation (not by web). This could also be delayed to first post, but they'll be dealing with the confirmation process in their MUA. This could still be done with a link but it would be a mailto: rather than an http: link.
- Get originator information (From, Sender, envelope sender, and earliest Received, and SPF and DKIM information where available).
- Record the configuration.
- For every post from a member with new originator information, update the member information with a new originator record.
- If spam is received corresponding to an originator record, disable it. This might be automated through the moderation process, or through milters (which one would hope catch most of the spam).
- Analyze originator information and issue a challenge whenever a post claiming to be from a member matches disabled originator information on file. (Definition of "match" is non-trivial and probably necessarily heuristic.) Otherwise approve the post.
- In case of challenge, if an approval response is received, warn the member that their address has been used to spam.
You could try reversing the polarity of step 5, and require confirmation for every new originator record. But that would probably be too annoying. Too many people have multiple locations they post from, even if they use only one address.
> Maybe this could even be extended with some kind of way of caching the source IP of approved messages,
I don't think this is an extension, I think it's absolutely necessary.
> I also just noticed the option under the Privacy > Spam controls in the GUI under 'Legacy anti-spam filters' where I can enter the listname itself, to prevent anyone sending spoofed messages from the list to the list.
Maybe this should be on by default.
Steve
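The originator-record scheme sketched in the message above (gather From, Sender, envelope sender, earliest Received and SPF/DKIM; record per member; disable a record on spam; challenge posts that match a disabled record; warn on an approved challenge), carried through as an added example. This is not code from the thread and not Mailman's own implementation. The "match" heuristic (same first hop, or same envelope sender) stands in for the non-trivial heuristic Steve leaves open and is purely an assumption, as are the sample messages, which are constructed with documentation addresses and ranges.

```python
"""Originator-record tracking for list members, following the sketch above."""
import email
import re
from dataclasses import dataclass
from email import policy
from email.utils import parseaddr


@dataclass(frozen=True)
class Originator:
    """Originator information (step 2 of the sketch)."""
    from_addr: str
    sender: str
    envelope_from: str   # Return-Path as written by the receiving MTA
    first_hop: str       # host named in the earliest (bottom-most) Received header
    spf: str             # result parsed from Authentication-Results, "none" if absent
    dkim: str


def _header(msg, name):
    value = msg.get(name)
    return str(value) if value is not None else ""


def originator_of(raw: bytes) -> Originator:
    """Extract the originator record from a raw RFC 5322 message."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    received = [str(h) for h in (msg.get_all("Received") or [])]
    first_hop = ""
    if received:
        # Received headers are prepended by each MTA, so the last one is the earliest hop.
        m = re.search(r"from\s+(\S+)", received[-1])
        if m:
            first_hop = m.group(1).lower()
    auth = _header(msg, "Authentication-Results").lower()
    spf = re.search(r"\bspf=(\w+)", auth)
    dkim = re.search(r"\bdkim=(\w+)", auth)
    return Originator(
        from_addr=parseaddr(_header(msg, "From"))[1].lower(),
        sender=parseaddr(_header(msg, "Sender"))[1].lower(),
        envelope_from=parseaddr(_header(msg, "Return-Path"))[1].lower(),
        first_hop=first_hop,
        spf=spf.group(1) if spf else "none",
        dkim=dkim.group(1) if dkim else "none",
    )


class OriginatorRegistry:
    """Per-member originator records (steps 3 to 7 of the sketch)."""

    def __init__(self):
        self._records = {}  # member address -> {Originator: enabled?}

    def record(self, member, orig):
        """Step 4: remember new originator information as enabled."""
        self._records.setdefault(member, {}).setdefault(orig, True)

    def disable(self, member, orig):
        """Step 5: a moderator or milter flagged a post with this originator as spam."""
        self._records.setdefault(member, {})[orig] = False

    @staticmethod
    def matches(known, new):
        """ASSUMED placeholder for the 'non-trivial' match heuristic: same first hop
        or same envelope sender counts as a match."""
        return known.first_hop == new.first_hop or known.envelope_from == new.envelope_from

    def decide(self, member, orig):
        """Step 6: 'challenge' if the post matches a disabled record, else 'approve'."""
        for known, enabled in self._records.get(member, {}).items():
            if not enabled and self.matches(known, orig):
                return "challenge"
        self.record(member, orig)
        return "approve"

    def challenge_response(self, member, orig, approved):
        """Step 7: on an approved challenge let the post through and warn the member.
        The disabled record itself stays disabled (setdefault does not re-enable it)."""
        if approved:
            self.record(member, orig)
            return "approve+warn"
        return "reject"


# Constructed sample messages (not real traffic); RFC 2606 names and RFC 5737 addresses.
LEGIT = b"""Received: from mail.example.org (mail.example.org [192.0.2.10]) by lists.example.net
Return-Path: <alice@example.org>
Authentication-Results: lists.example.net; spf=pass smtp.mailfrom=example.org; dkim=pass header.d=example.org
From: Alice <alice@example.org>
To: list@lists.example.net
Subject: legitimate post

hi
"""

SPOOF = b"""Received: from [203.0.113.7] (unknown [203.0.113.7]) by lists.example.net
Return-Path: <bounce@spam-relay.example>
Authentication-Results: lists.example.net; spf=fail smtp.mailfrom=spam-relay.example; dkim=none
From: Alice <alice@example.org>
To: list@lists.example.net
Subject: buy now

spam
"""
SPOOF_NEW_HOP = SPOOF.replace(b"[203.0.113.7]", b"[198.51.100.9]")            # matched via envelope sender
SPOOF_NEW_ENVELOPE = SPOOF.replace(b"bounce@spam-relay.example", b"x9@other-relay.example")  # matched via first hop


def run_demo():
    """Walk the steps for one member; returns the moderation decisions in order."""
    reg = OriginatorRegistry()
    member = "alice@example.org"
    decisions = [reg.decide(member, originator_of(LEGIT))]              # approve, recorded
    spoof = originator_of(SPOOF)
    decisions.append(reg.decide(member, spoof))                         # approve: nothing disabled yet
    reg.disable(member, spoof)                                          # moderator flags it as spam
    decisions.append(reg.decide(member, originator_of(SPOOF_NEW_HOP)))        # challenge
    decisions.append(reg.decide(member, originator_of(SPOOF_NEW_ENVELOPE)))   # challenge
    decisions.append(reg.decide(member, originator_of(LEGIT)))          # approve: legit record unaffected
    decisions.append(reg.challenge_response(member, originator_of(SPOOF_NEW_HOP), approved=True))
    return decisions


if __name__ == "__main__":
    print(run_demo())
```

Note that the first spoof is approved: until something (a milter or a moderator) disables a record, the registry has nothing to match against, which is why Steve's sketch depends on that disabling step. A real match heuristic would also have to weigh the SPF/DKIM results and tolerate members who post through several legitimate first hops.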