Great Circle Associates List-Managers
(December 1994)
 

Indexed By Date: [Previous] [Next] Indexed By Thread: [Previous] [Next]

Subject: "Spam Protection" - Infrastructure vs policy
From: Kenneth . Kron @ EBay . Sun . COM (Kenneth Kron - Network Security)
Date: Tue, 13 Dec 1994 13:21:41 -0800
To: list-managers @ greatcircle . com

While the "Global Spam Protection" proposal is intellectually
interesting I just don't see people donating and maintaining enough
"SPAM" servers for it to work.


Here's my alternate proposal.

I think the solution that will work for most lists is to setup your
list(s) as a "members only" list.  So only members are allowed to
post.

It will stop both non-commercial SPAM, subscribe requests that get
posted to the list and also handle commercial SPAM.  If you wanted to
get really paranoid you could put all *new* members on a separate
moderated list and have them automagically migrated after a week or
something.  This would stop someone from

	subing
	posting SPAM
	unsub subbing

I realize this could still be worked around but that would require more
foresight and planning than most SPAM generators seem capable of :^).


You *might* want to add a "additional accepted addresses list" for
members who have multiple accounts but other than that it should work.

On a personal note what I do with every piece of "SPAM" I recieve is I
respond to it *incuding* the full text of the original messsage and cc
the postmaster at the site.

-----------------
To whom it may concern:

I recently recieved a your unsolicited email message.  Please refrain
from sending me any messages in the future.


Kenneth

<- Original message goes here ->
-----------------


This accomplishes several things.

	1) If there is a postmaster he is aware of the problem and if
	enough people do this he will make sure it stops.

	2) The postmaster gets motiviated to educate his users not to
	do this in the future.  I do not consider this injuring an
	innocent party.  Sites have to take *some level* of
	responsibility for things that occur there.

	3)  It wastes some of the posters time opening reading and
	disposing of the message I sent him back.

	4)  It increases the posters (or his sites) costs for sending
	the message in time, bandwidth, disk space, etc.

The primary reason people post SPAM to the whole worldis because it's
free or nearly free.  If you drive the cost up the incidents will go
down.  Yes it costs the me also but if enough people respond in kind it
wreaks havoc on the sender. 


======================
Kenneth Kron --  Network Security Group
kron @
 aiki .
 ebay .
 sun .
 com
Phone:  408-276-0475

Perhaps the world is a banquet.
Everyone is an invited guest but eventually you're on the menu


> 
> [ I have also posted this message to comp.mail.list-admin.software.  It's
> hard for me to manage this in a clean way so you'll see it twice.  Sorry.]
> 
> Well, another annoying spam has just gone out (the "computer inventory
> liquidation" one, from ix.netcom.com), posted to dozens of lists.  This
> will only happen more frequently -- what can we do about it?  Anyone whose
> lists are publicly known is going to get hit sooner or later.
> 
> One possibility is to restrict who can post messages, either to subscribers
> of the list or to a list moderator.  List moderation almost certainly
> solves the problem, but also changes the dynamics of a list in a way that
> some don't want.  Restricting to members of the list is also sometimes not
> what people want.  But these are solutions we can use right now.
> 
> I have started thinking about fancier ways of blocking spams ... could it
> be automated?  My thought is to go through a process something like this:
> before distributing a message, calculate an MD5 checksum on the message
> body.  Then send a packet to some central "spam protection" server, telling
> it your list name, the checksum, and the sender address; the
> spam-protection server will reply back with some information like this:
> 
>                         Msgs w/this checksum      Msgs from this sender
> in the past hour             # of lists                 # of lists
> in the past 24 hrs           # of lists                 # of lists
> 
> A sample suspicious response might be "the same message has been posted to
> 99 lists in the past hour, and to 400 lists in the past 24 hours; this
> sender has posted messages to 179 lists in the past hour, and to 892 lists
> in the past 24 hours."  If your MLM got back a reply like that, it might
> very well decide not to distribute the message.
> 
> It seems something like this could help avoid the BIG spams ... of course
> it wouldn't help the first few lists that got hit.
> 
> In terms of performance ...  there probably would need to be several
> regional servers, which could then talk to each other, but that's more of a
> network load issue than a server load issue.  In eyeballing the numbers of
> requests we could expect, it seems to me the load on the spam-protection
> server would be less than that on a moderately busy DNS.
> 
> What do you think?  It would be particularly interesting to hear from MLM
> authors whether this sounds implementable ...
> 
> Norm
> 

Indexed By Date Previous: "Spam Protection" -- can we automate it?
From: Norm Aleks <naleks @ Library . UMMED . EDU>
Next: Charge for Spamming and it will go away
From: Michael Rutman <moose @ svcdudes . com>
Indexed By Thread Previous: "Spam Protection" -- can we automate it?
From: Norm Aleks <naleks @ Library . UMMED . EDU>
Next: Charge for Spamming and it will go away
From: Michael Rutman <moose @ svcdudes . com>

Google
 
Search Internet Search www.greatcircle.com