I'd have to caution against ever responding to any UCE.

Your response is unlikely to ever been seen by human eyes, much less acted upon in th eway you would hope. Any form of response is only ever likely to be read by a computer which will simply transfer the email address from the "possibles" list, to the "Hey, We got a real live, living mug" list.

I'm afraid I don't have an answer for you, and I seriously do not envy you the task of protecting your kids from this sort of stuff.

I have a half-cocked notion that the only real way to protect them is to show them the stuff, explain it to them, explain why the parasites that send it do so.

Perhaps, by getting it into the open, raising the subject to the level of "stupid adult stuff" that they can talk (and laugh about) with you, you can make it become as insignificant as many of the other irritations of daily life are, rather than allowing it to become a "super secret" that they will try to hide from you.

There I go, moving into an area of life, child rearing, for which I am totally unqualified to express an opinion.

There I go, moving into an area of life, child rearing, for which I am totally unqualified to express an opinion.

Aren't we all? As a father of five, I still move into such areas all the time. Like this...

You have a very good point there. And I'll certanly give this a serious thought before starting my code editor. Getting the public address to a "live" list would not be such a good idea.

rather than allowing it to become a "super secret" that they will try to hide from you.

Well, my children have full access to the internet (web) (I don't even snort the traffic) so they can watch pretty much whatever they like without me knowing. If they choose to watch some "inappropriate" stuff, it's a bad choise, but it's their choise. I just want to stop the bad choises from hitting them when they make want to make a good choise.

/brother t0mas

I just want to stop the bad choises from hitting them when they make want to make a good choise.

Well... I get lots of spam just because I published source code on CPAN. I tend to think that participation on the internet precludes any exclusionary mind set absent a human filter. You could pre-vet their e-mail for them if you really needed to, its not as if SpamAssassin is all that great anyway.

There's no problem with responding to spam if you are using a challenge-response authentication system. If the spammer doesn't respond back properly (which he won't, since the pammer is a program routing mail through China and using a fake MSN address), you will never see any of his mail. He can send you offers all day and they will never reach your inbox.

Whilst it is true that you will block that one email address, and therefore never receive (or at least see) stuff from that source again, the fact that you have responded means that your email address in live.

So, not only will that spammer ensure that he spams you from the next 10 50 100 email addresses he creates for his spamming, the fact that he can list a response from that address along with the address, means that he can charge premium rates for it when he sells it as a "known live" address to other spammers.

---

Examine what is said, not who speaks.
"Efficiency is intelligent laziness." -David Dunham
"When I'm working on a problem, I never think about beauty. I think only how to solve the problem. But when I have finished, if the solution is not beautiful, I know it is wrong." -Richard Buckminster Fuller

As perrin pointed out, no serious spammer uses valid sender addresses in their mail these days. Replying to spam will result in a bounce far more likely than confirming your email address as live. Challenge response systems won't expose you to more spam, they will however roughly at least double and may even quadruple your mail traffic (depending on how many different partners you correspond with).

Makeshifts last the longest.

One thing to consider is, will Mozilla (or your spam protector) automatically add recipients of your outgoing mail to the whitelist?

If this is not the case, prepare for a lot of unanswered questions. I will not authenticate myself if you sent me a question and my answer bounces, and it's a matter of courtesy to add people to your whitelist that you send a question to - so this must be automated.

Other than that, I think you are fine as long as you explain (and your child accepts/understands) why you are monitoring your childs email ...

perl -MHTTP::Daemon -MHTTP::Response -MLWP::Simple -e ' ;    # The  
$d = new HTTP::Daemon and fork and getprint $d->url and exit;#spider
($c = $d->accept())->get_request(); $c->send_response( new   #in the
HTTP::Response(200,$_,$_,qq(Just another Perl hacker\n))); ' #  web
[download]

Thanks for your reply Corion.

Yes, Mozilla (at least as I've configured it) automatically adds addresses that you send mail to, to your addressbook.

I really don't want to monitor their mail, I want the process to be automated without me in the middle. The must have their privacy. We have had lots of talks about the internet at our house, and they are fully aware that some pages on the internet are not intended for them. I just want to keep theese pages from hitting them when they don't want them.


/brother t0mas

Wow. What a tough problem. It's also one that I'll have to try to deal with in a few years so I especially appreciate you paving the way. ;-)

I think the use of SpamAssassin and Mozilla is a good starting point.

I have the same reservations about automated replies that BrowserUk voiced. But if you do go that route, FIGlet might not be the best choice. A figlet "encoded" string might be almost decipherable to someone who views it in something other than a fixed width font.

-sauoq
"My two cents aren't worth a dime.";

A figlet "encoded" string might be almost decipherable to someone who views it in something other than a fixed width font.

Ah, somthing else I didn't think about! I only use fixed font plain text viewing myself...

I thought of FIGlets since they are easy to create, easy to read by the human eye, but require work to decode by a computer, and I don't think a mass-mailer would bother to do that.

Thanks for your input.

/brother t0mas

It's a bit complicated, as it might require some more time that it should for e-mails from unknown senders to get to your child. Anyhow, most legitimate people will probably reply, so your solution is probably going to work.

The only thing is that sometimes, by replying to spammers, you let them know that you use that address, so it becomes more valuable (and used) by them, that is to say your spam amount may grow. But, then, it's a minor problem: it always grows anyway. :-(

Michele.

You have the same valid point as BrowserUk have in Re: OT: Spam protection and I'll take this into account. Thanks

But, then, it's a minor problem: it always grows anyway. :-(

Yes, it does, doesn't it... my Spam folder contains 2529 spam mails as of today.

Update: 2530 :-(

/brother t0mas

I've had some thoughts about having web based validation of mails instead of a reply-to validation mail, but I discarded that idea since I think it will require more work than validation mails, and I'm lazy :)

If for some reasons (like using non-fixed fonts), a person can't read the FIGlet, a web validation link as an option will be a good idea. So now I may end up doing both.

Thanks,

/brother t0mas

I would not be offended by such a "challenge/response" system.

However, I once wrote a similar "challenge/response" program in Pegasus Mail to weed-out spam mail from a number of mailing-lists I am on.

I seemed to have hit a raw nerve with many of the members of these mailing lists. All they had to do was sending a reply with in the body of the message "Please add me to your list".

Far too many to count wrote pages and pages about what a disgrace it was to even dare to think that their sacrosanct messages could be considered spam! I almost had a petition started to remove me from the list.

YMMV, but I would prepare myself for a lot of strange reactions.

CountZero

It is very annoying. Some chap with a challenge response system pestered everyone on the perl5-porters list with his messages. Do you have even a faint idea of how much traffic it would generate if everyone on a high-traffic list (which p5p definitely qualifies as) used such a system? On a challenge response system's Freshmeat project page, someone reported his experience trying to run it on a company mailserver to reduce the time wasted with spam, and said (besides annoying some customers and business partners) it nearly quadrupled his mail traffic due to all the extra mails a single message generated, to the point where the server was no longer able to handle it. He was forced to revert to traditional filtering methods.

Makeshifts last the longest.

I see, but to my defence, it was not a high traffic mail-list and the challenge went only out to "suspect" addresses ("hotmail" accounts and similar throw-away addresses)

Of course the challenge was not posted to the list, although the answers of those who were challenged did make it to the list!

Now I have given up on the challenge-response system and use a Bayesian (not sure about the spelling here!) filter which filters better than 98% of all spam.

Strange as it may seem, now that my ISP has installed their own anti-spam protection scheme, the efficiency of my local filtering system dropped.

CountZero

"If you have four groups working on a compiler, you'll get a 4-pass compiler." - Conway's Law

It can be made less annoying if you just use the challange/responce once to verify each new email address that send to the list. Reply back with a message that has a encoded url that verifies the email address as "ok" and also maybe have a way to reply to the message as an ok trigger. to quadruple the number of messages you are sending would be impossible. Worst case you would send two times as many messages assuming that there is never a repeat poster on the list.
it looks like this:
• New_person@me.org sends an email to the list
• The list notices that New_person@me.org has never been authed before.
• It moves the message from the active queue to a hold queue
• It adds a entry to the auth system db with the queue ID.
• Generates a message to the sender with a url like http://mylist.org/authrequest/12314hb4ds54 and a tag in the message so he can reply to get auth and instructions.
• New_person@me.org gets the auth request and clicks on the URL.
• The auth DB is updated and the hold queue message is released, the "New_person@me.org" is placed in the authenticated db.
• New_person@me.org sends another message to the list the mail server sees that the email address has been verified and the email is allowed through.
• Daily a cron job rotates through the hold queue deleting mail that has been there for more than 1 week without being authenticated.


If that process puts too much load on your email server there is something wrong, There is no way that method could be more intensive than SpamAssasin or some other filter software.


-Waswas