Whitelist/verification spam filters

Paul Rubin phr-n2002b at NOSPAMnightsong.com
Wed Aug 28 03:16:17 CEST 2002


Gerhard Häring <gerhard.haering at gmx.de> writes:
> Bad idea! Some people like to post to Usenet with forged From:
> headers, like <no at spam.com> and other such nonsense. This is bad for
> several reasons: first, it violates the standard for conduct on
> Usenet, RFC1036. Second, it is considered antisocial behavior, as it
> makes it very difficult or impossible for legitimate users to get in
> touch with the poster via private email. Third, not posting with one's
> legitimate email address and full name tends to reduce the credibility
> of one's posts. Finally, if not done properly, this sort of activity
> will cause excessive use and abuse of someone else's resources.

I'm not persuaded by that.
1) RFC1036 was written at a time when there wasn't so much spamming.
   Solution is to revise RFC1036 to reflect present reality, not punish
   users with spam.
2) It's not THAT difficult to unmung an address in the rare instances
   when there's a good reason to respond to a news post privately.
   However, I could see generating a one-off reply address if I
   post something soliciting private replies.
3) That's illogical.  I see lots of people posting with munged addresses
   and don't see that as lowering their credibility at all.  Posting
   with no name decreases credibility somewhat, but who knows whether
   anyone's posting name is actually their real name?  Anyway, the
   quality of someone's posts is a far greater determiner of credibility
   than the name or handle they post under.
4) If not done properly, some resources might get used in bouncing
   email to an improperly munged address.  But if not munged at all,
   even more resources will be wasted delivering spam to the unmunged
   address and cleaning it up after it's delivered.

> 
> There are better ways to reduce spam.
> 
> - Want no private replies /at all/? Use an .invalid TLD, like
>   no at replies.invalid. This will bounce immediately _and_ some good
>   MUAs will warn you before sending that the address is in fact
>   invalid.

Yes, I might switch to that.  I see it as a more extreme measure
than munging, but extreme measures are sometimes called for.

> - Want to read replies? On usenet, use a valid email in From, that you
>   even won't ever need to read. Use a valid email that you will read
>   in the Reply-To header. Reason: Spammers collect addresses by
>   sending XOVER requests to newsservers. Reply-To is not among the
>   headers sent by the XOVER command. To get at the Reply-To header is
>   thus more costly and (almost) nobody does so.

I'm skeptical of that.  Maybe it was true years ago when bandwidth
cost more.  Spammers are really aggressive now.  They even spider web
sites looking for addresses.
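
Added example, not part of the original post: a small Python audit of a post's address headers, covering the two points debated above (whether an address sits in a field returned by XOVER, and whether a munged address uses a reserved TLD such as `.invalid`). It assumes the server uses the default overview fields from RFC 2980; the function names and the `reader@mailhost.example` address are constructed for illustration.

```python
from email.utils import parseaddr

# Default fields returned by XOVER (RFC 2980). A server may append more,
# listed as "Header:full" in its overview format (assumption: defaults in use).
DEFAULT_OVERVIEW = ["Subject", "From", "Date", "Message-ID",
                    "References", "Bytes", "Lines"]

# TLDs reserved by RFC 2606: mail to them fails without touching a real host.
RESERVED_TLDS = {"invalid", "test", "example", "localhost"}


def classify_address(value):
    """Return 'reserved', 'routable' or 'missing' for a header value."""
    _, addr = parseaddr(value)
    domain = addr.rpartition("@")[2].lower().rstrip(".")
    if not domain:
        return "missing"
    tld = domain.rpartition(".")[2]
    return "reserved" if tld in RESERVED_TLDS else "routable"


def audit_post(headers, overview=DEFAULT_OVERVIEW):
    """Report, per address header, overview exposure and routability."""
    exposed = {field.split(":")[0].lower() for field in overview}
    report = {}
    for name in ("From", "Reply-To"):
        if name in headers:
            report[name] = {
                "in_overview": name.lower() in exposed,
                "address": classify_address(headers[name]),
            }
    return report


if __name__ == "__main__":
    # Constructed sample posts; the first two addresses appear in the thread.
    samples = {
        "forged real domain": {"From": "no@spam.com"},
        "reserved TLD": {"From": "no@replies.invalid"},
        "split From/Reply-To": {"From": "no@replies.invalid",
                                "Reply-To": "reader@mailhost.example"},
    }
    for label, headers in samples.items():
        print(label, audit_post(headers))
    # Same post on a server that adds Reply-To to its overview data.
    print(audit_post(samples["split From/Reply-To"],
                     DEFAULT_OVERVIEW + ["Reply-To:full"]))
```

A "routable" result for a made-up address means bounces and replies land on whoever owns that domain. The last call shows that the Reply-To approach depends on the server's overview configuration.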


