[108293] in Cypherpunks
Re: Idea to eliminate most spam on mailing lists [CPUNK]
daemon@ATHENA.MIT.EDU (Trei, Peter)
Thu Feb 11 09:43:19 1999
From: "Trei, Peter" <ptrei@securitydynamics.com>
To: cypherpunks@cyberpass.net
Date: Thu, 11 Feb 1999 09:33:08 -0500
Reply-To: "Trei, Peter" <ptrei@securitydynamics.com>
Folks:
Look at the subject line. It says: "Idea to eliminate
MOST spam on mailing lists."
Perfection is not required. This seems a perfect example
of the old maxim "The best is the enemy of the good".
We could eliminate 90%+ of the spam on mailing lists
simply be appending a keyword (as I have appended
'[CPUNK]') to the subject of list messages.
We could eliminate 99% by PGP signing with a well
known public/private key pair.
Yes, it's possible that some spam list company will
one day come out with spamming software that can
handle either of these requirements automatically.
But it's not (very) important. Spam software companies
operate by selling spammers CDROMS with lists of addresses
and canned SW. If we start to get spam, we change the keyword
and/or publish a new keypair. It'd take months for
the spammers to catch up - it's not economical for them to
worry about losing a few hundred readers among the millions
There is NO way we can prevent a really determined user
from sending off-topic posts to the cypherpunks lists,
given our special constraints.
What we CAN effectivly eliminate is automated spam mail
which is not targeted to our list in particular.
This would be more than good enough. Think of a keyword
requirement as a bit like 'The Club' car antitheft device.
The Club makes your car harder enough to steal that most
theives will bypass it for easier targets. It does not
have to make your car totally impossible to steal to achieve
this. Similarly, a keyword requirement makes the list
harder enough to spam that most spammers will not bother
(or be able to keep up with changes).
Let's not let the relentless pursuit of perfection prevent
us from taking an easy and very (though not totally)
effective measure.
Peter Trei
ptrei@securitydynamics.com
