Re^2: OT: Spam protection

It is very annoying. Some chap with a challenge response system pestered everyone on the perl5-porters list with his messages. Do you have even a faint idea of how much traffic it would generate if everyone on a high-traffic list (which p5p definitely qualifies as) used such a system? On a challenge response system's Freshmeat project page, someone reported his experience trying to run it on a company mailserver to reduce the time wasted with spam, and said (besides annoying some customers and business partners) it nearly quadrupled his mail traffic due to all the extra mails a single message generated, to the point where the server was no longer able to handle it. He was forced to revert to traditional filtering methods.

Makeshifts last the longest.

Comment on Re^2: OT: Spam protection

Replies are listed 'Best First'.
Re: Re^2: OT: Spam protection by waswas-fng (Curate) on Nov 24, 2003 at 18:37 UTC
It can be made less annoying if you just use the challange/responce once to verify each new email address that send to the list. Reply back with a message that has a encoded url that verifies the email address as "ok" and also maybe have a way to reply to the message as an ok trigger. to quadruple the number of messages you are sending would be impossible. Worst case you would send two times as many messages assuming that there is never a repeat poster on the list. it looks like this: New_person@me.org sends an email to the list The list notices that New_person@me.org has never been authed before. It moves the message from the active queue to a hold queue It adds a entry to the auth system db with the queue ID. Generates a message to the sender with a url like http://mylist.org/authrequest/12314hb4ds54 and a tag in the message so he can reply to get auth and instructions. New_person@me.org gets the auth request and clicks on the URL. The auth DB is updated and the hold queue message is released, the "New_person@me.org" is placed in the authenticated db. New_person@me.org sends another message to the list the mail server sees that the email address has been verified and the email is allowed through. Daily a cron job rotates through the hold queue deleting mail that has been there for more than 1 week without being authenticated. If that process puts too much load on your email server there is something wrong, There is no way that method could be more intensive than SpamAssasin or some other filter software. -Waswas	[reply]
Re: Re^2: OT: Spam protection by CountZero (Bishop) on Jun 11, 2003 at 09:35 UTC
I see, but to my defence, it was not a high traffic mail-list and the challenge went only out to "suspect" addresses ("hotmail" accounts and similar throw-away addresses) Of course the challenge was not posted to the list, although the answers of those who were challenged did make it to the list! Now I have given up on the challenge-response system and use a Bayesian (not sure about the spelling here!) filter which filters better than 98% of all spam. Strange as it may seem, now that my ISP has installed their own anti-spam protection scheme, the efficiency of my local filtering system dropped. CountZero "If you have four groups working on a compiler, you'll get a 4-pass compiler." - Conway's Law	[reply]