Great Circle Associates List-Managers
(December 1994)
 

Indexed By Date: [Previous] [Next] Indexed By Thread: [Previous] [Next]

Subject: "Spam Protection" -- can we automate it?
From: Norm Aleks <naleks @ Library . UMMED . EDU>
Date: Tue, 13 Dec 1994 13:29:32 -0500 (EST)
To: list-managers @ greatcircle . com

[ I have also posted this message to comp.mail.list-admin.software.  It's
hard for me to manage this in a clean way so you'll see it twice.  Sorry.]

Well, another annoying spam has just gone out (the "computer inventory
liquidation" one, from ix.netcom.com), posted to dozens of lists.  This
will only happen more frequently -- what can we do about it?  Anyone whose
lists are publicly known is going to get hit sooner or later.

One possibility is to restrict who can post messages, either to subscribers
of the list or to a list moderator.  List moderation almost certainly
solves the problem, but also changes the dynamics of a list in a way that
some don't want.  Restricting to members of the list is also sometimes not
what people want.  But these are solutions we can use right now.

I have started thinking about fancier ways of blocking spams ... could it
be automated?  My thought is to go through a process something like this:
before distributing a message, calculate an MD5 checksum on the message
body.  Then send a packet to some central "spam protection" server, telling
it your list name, the checksum, and the sender address; the
spam-protection server will reply back with some information like this:

                        Msgs w/this checksum      Msgs from this sender
in the past hour             # of lists                 # of lists
in the past 24 hrs           # of lists                 # of lists

A sample suspicious response might be "the same message has been posted to
99 lists in the past hour, and to 400 lists in the past 24 hours; this
sender has posted messages to 179 lists in the past hour, and to 892 lists
in the past 24 hours."  If your MLM got back a reply like that, it might
very well decide not to distribute the message.

It seems something like this could help avoid the BIG spams ... of course
it wouldn't help the first few lists that got hit.

In terms of performance ...  there probably would need to be several
regional servers, which could then talk to each other, but that's more of a
network load issue than a server load issue.  In eyeballing the numbers of
requests we could expect, it seems to me the load on the spam-protection
server would be less than that on a moderately busy DNS.

What do you think?  It would be particularly interesting to hear from MLM
authors whether this sounds implementable ...

Norm


Indexed By Date Previous: anyone got an anti-spam filter?
From: scott @ loc3 . tandem . com (mueller_scott)
Next: "Spam Protection" - Infrastructure vs policy
From: Kenneth . Kron @ EBay . Sun . COM (Kenneth Kron - Network Security)
Indexed By Thread Previous: anyone got an anti-spam filter?
From: scott @ loc3 . tandem . com (mueller_scott)
Next: "Spam Protection" - Infrastructure vs policy
From: Kenneth . Kron @ EBay . Sun . COM (Kenneth Kron - Network Security)

Google
 
Search Internet Search www.greatcircle.com