[108017] in Cypherpunks
Re: Idea to eliminate most spam on mailing lists [CP]
daemon@ATHENA.MIT.EDU (Trei, Peter)
Mon Feb 1 11:11:52 1999
From: "Trei, Peter" <ptrei@securitydynamics.com>
To: "'cypherpunks@cyberpass.net'" <cypherpunks@cyberpass.net>
Date: Mon, 1 Feb 1999 11:00:53 -0500
Reply-To: "Trei, Peter" <ptrei@securitydynamics.com>
Actually, in practice codephrase systems work pretty well. There are
a number of Usenet newsgroups where the users include a keyword
in the Subject: line of the posting. I've seen very little spam which
misuses the keyword system.
In general, spammers are not going to take special action for particular
newsgroups and mailing addresses - it's far too costly in terms of
maintenance. They try to make their messages appear to be of interest
to as many people as possible, using subject lines such as "In reply to
your mail" or "your site". Any kind of custom processing is very
expensive when applied to thousands or millions of addresses.
Another solution would be to require all postings to be signed (and/or
encrypted) by a well-known or published private key (such as the
cracked Blacknet key) specific to the list. While most 'legitimate users"
would have no problem doing this, no spammer can spend the time to
sign messages.
Notice that I've appended the subject line of this message with [CP]
If everyone did this, you could use it as a filter (it's at the end so as
not
to break message sorting).
Peter Trei
> -----Original Message-----
> From: Michael Hohensee [SMTP:michael@sparta.mainstream.net]
> Sent: Saturday, January 30, 1999 1:28 PM
> To: cypherpunks@cyberpass.net
> Subject: Re: Idea to eliminate most spam on mailing lists
>
> Jay Holovacs wrote:
> >
> > At 05:11 AM 1/30/99 +0000, Michael Hohensee wrote:
> > >
> > >
> > >It would, for about 15 seconds, when some enterprising spammer noticed
> > >this and included it in his spam. Even if the passphrases were
> > >different for each mailing list, it wouldn't take much to write a
> > >program which monitors list traffic searching for such patterns, and
> > >which incorporates said patterns into subsequent spam to that address.
> > >
> > Probably not. Most spammers are not looking at individual mailings and
> > certainly not checking to see if a particular spam made it through a
> > particular listserver then rewriting it to do so. They are doing a
> shotgun
> > approach.
> >
>
> Right now they are, yes. But if a system like the one Stephen suggests
> becomes widely used, there will be an incentive to write a program like
> the one I've described above, it will get written, and voila, the
> authentication method is nullified.
