[108087] in Cypherpunks


Re: Idea to eliminate most spam on mailing lists [CP]

daemon@ATHENA.MIT.EDU (Bill Stewart)
Thu Feb 4 00:33:57 1999

Date: Wed, 03 Feb 1999 18:16:45 -0800
To: cypherpunks@cyberpass.net
From: Bill Stewart <bill.stewart@pobox.com>
In-Reply-To: <36B82A5E.4157CD58@wlwonline.de>
Reply-To: Bill Stewart <bill.stewart@pobox.com>

>Trei, Peter wrote:
>> Another solution would be to require all postings to be signed (and/or
>> encrypted) by a well-known or published private key (such as the
>> cracked Blacknet key) specific to the list. While most "legitimate users"
>> would have no problem doing this, no spammer can spend the time to
>> sign messages.

At 11:52 AM 2/3/99 +0100, Tom Vogt wrote:
>actually, requiring all postings to be signed by a valid (see below) key
>would be enough. that would a) eliminate most spam because of the

One reason spammers target mailing lists is that they can hit
hundreds of recipients per outgoing message, so time is less of an issue.
The real advantage is that it keeps ahead of the spamware vendors,
who now need to do more than simple harvesting to get the keys.
Simply encrypting to the listbot's public key is about as effective
as signatures, and cleaner than distributing the "Secret Handshake" key,
though it gets a bit complicated for the cypherpunks distributed-listbot approach
(e.g. if you also accept unencrypted messages from the other
cypherpunks listbots, they're the obvious sender to forge.)

There are some problems - the CPU time required by the listbot
isn't too big for normal traffic (probably less than managing the mail),
but it's a problem for denial-of-service attacks, since the attacker
can encrypt a message once and send many copies (with different Message-IDs)
which each need to be decrypted before discarding them.
And of course, the spammer can encrypt the message body just once,
and only has to do the public-key part multiple times.

If you restrict mail to signed messages from already-known keys,
that does have the advantage that a spammer has to send keys first,
so spamming is a two-step policy.  But then the spammer can
sign the message once and send copies to all the targets; it's no win.
Also, spamware vendors could register the keys with the listserv,
and sell "higher-quality registered mailing list addresses",
which might reduce the number of anklebiters willing to buy the list.

Getting fancy by requiring the keys' name fields to contain the list name
is possible (somewhat increases the registration workload,
and of course requires senders to create an extra key.)
Alternatively, you could require the message to be signed by a known key
and to contain "To: listname" in the message body.

There's also the D-o-S attack of sending large numbers of keys, 
such as the entire MIT Keyserver's collection,
which not only takes a long time to process, but also makes it
much slower for the listbot's PGP to search its keyring,
if it's still using flat-file keyrings.

The simple "tag the Subject: line with the magic string"
is a start, since each list would presumably want a different one,
but that's too easy to program around - there are already
spamwarez that personalize the message body with "Dear <recipientname>",
and it's trivial to add personalized Subject lines.



				Thanks! 
					Bill
Bill Stewart, bill.stewart@pobox.com
PGP Fingerprint D454 E202 CBC8 40BF  3C85 B884 0ABE 4639
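A worked sketch of the filter policy this message argues about, added here as an example; it is not part of the original post and not code from any list software mentioned in the thread. It assumes the two-step policy (a key must be registered before a post from it is considered), Bill's alternative check that the signed body carry a "To: listname" line so one signature cannot serve several lists, and, since he notes an attacker can sign or encrypt once and send many copies under different Message-IDs, a replay cache keyed on the signed content rather than on Message-ID so the bot pays for each distinct signed body only once. That cache is a generalization beyond the message, which only describes the attack. An HMAC stands in for the PGP signature so the block runs offline; the class and function names (`ListBot`, `Message`, `demo`) and the sample traffic are constructed for the example.

```python
"""Listbot front-end filter for a signed-posting policy (added example, not from the thread)."""
from __future__ import annotations

import hashlib
import hmac
from dataclasses import dataclass, field


def sign(secret: bytes, body: str) -> bytes:
    """Toy stand-in for a PGP signature: HMAC-SHA256 over the message body.
    A real listbot would verify a detached PGP signature against the registered
    public key; the filter ordering below does not depend on which scheme is used."""
    return hmac.new(secret, body.encode(), hashlib.sha256).digest()


@dataclass
class Message:
    message_id: str      # SMTP header; the flood below varies only this
    body: str            # signed text, expected to carry a "To: <listname>" line
    key_id: str          # which registered key claims to have signed it
    signature: bytes


@dataclass
class ListBot:
    list_name: str
    keyring: dict[str, bytes]                 # key_id -> secret, filled at registration (step one)
    seen: set[str] = field(default_factory=set)
    verifications: int = 0                    # how many times we paid for the expensive step

    def filter(self, msg: Message) -> tuple[bool, str]:
        # 1. Unregistered key: a dict lookup, no crypto. (A flat-file keyring makes this
        #    a linear scan, which is why flooding the keyring with keys hurts.)
        secret = self.keyring.get(msg.key_id)
        if secret is None:
            return False, "unregistered key"
        # 2. The signed body must name this list, so a signature made for another list is useless here.
        if f"To: {self.list_name}" not in msg.body.splitlines():
            return False, "body does not name this list"
        # 3. Replay cache over (key, body, signature), ignoring Message-ID: a message signed
        #    once and sent N times costs one verification, not N.
        fingerprint = hashlib.sha256(
            b"\0".join([msg.key_id.encode(), msg.body.encode(), msg.signature])
        ).hexdigest()
        if fingerprint in self.seen:
            return False, "duplicate"
        self.seen.add(fingerprint)   # record before verifying so bad-signature replays are cheap too
        # 4. Only now pay for the signature check.
        self.verifications += 1
        if not hmac.compare_digest(sign(secret, msg.body), msg.signature):
            return False, "bad signature"
        return True, "accepted"


def demo() -> dict:
    """Constructed traffic against a bot for the 'cypherpunks' list; returns what was observed."""
    alice_secret = b"alice-demo-secret"                      # constructed registration
    bot = ListBot("cypherpunks", {"alice": alice_secret})
    body = "To: cypherpunks\n\nHas anyone benchmarked the new remailer?\n"
    legit = Message("<1@example.org>", body, "alice", sign(alice_secret, body))
    out = {"legit": bot.filter(legit)[1]}

    # Flood: the same signed body, 1000 copies under fresh Message-IDs.
    flood = [Message(f"<flood{i}@example.org>", body, "alice", legit.signature) for i in range(1000)]
    out["flood_dropped"] = sum(1 for m in flood if not bot.filter(m)[0])
    out["verifications_after_flood"] = bot.verifications

    # A sender who never registered a key is rejected before any crypto runs.
    unknown = Message("<2@example.org>", body, "mallory", b"\0" * 32)
    out["unregistered"] = bot.filter(unknown)[1]

    # A body Alice legitimately signed for another list does not pass here.
    other_body = "To: coderpunks\n\nsame text\n"
    cross = Message("<3@example.org>", other_body, "alice", sign(alice_secret, other_body))
    out["cross_list"] = bot.filter(cross)[1]

    # Tampered body under Alice's real signature: reaches verification and fails there.
    forged = Message("<4@example.org>", body + "BUY NOW\n", "alice", legit.signature)
    out["tampered"] = bot.filter(forged)[1]
    out["verifications_total"] = bot.verifications
    return out


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The ordering is the whole point: every rejection path that needs no signature verification comes first, so the flood of a thousand copies costs one verification, and a tampered copy costs one more. The cache does nothing against the case Bill calls "no win", a spammer who has registered a key and signs a message addressed to this list; the filter only collapses that to a single delivery per signed body. The `seen` set also grows without bound here, so a real bot would expire fingerprints after a window.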

