Great Circle Associates List-Managers
(April 1996)
 

Indexed By Date: [Previous] [Next] Indexed By Thread: [Previous] [Next]

Subject: Re: About the magazine spam
From: "Brad Knowles" <brad @ azathoth . ops . aol . com>
Organization: America Online, Inc.
Date: Fri, 12 Apr 1996 13:03:39 -0400
To: James Lick <jlick @ shoreside . com>
Cc: aks @ dokoka . ucsb . edu, List-Managers @ GreatCircle . COM
In-reply-to: James Lick <jlick@shoreside.com> "Re: About the magazine spam" (Apr 12, 2:41am)
References: <Pine.SOL.3.91.960412013643.5219C-100000@shoreside.com>
Reply-to: BKnowles @ aol . net

-----BEGIN PGP SIGNED MESSAGE-----

On Apr 12,  2:41am, James Lick wrote:

> These are three real actual examples of what is being griped about.  I'd
> be extremely happy if I could configure sendmail in some way such that if
> it receives a network messages, it is marked as "dirty" until it is
> evaluated as coming from a site we relay from, or it is evaluated as going
> to a site we relay to, or it goes through a local address expansion at
> which point it is marked clean.

    There's another way to fix the list-managers part of this problem.

    Once you're subscribed, require that unsubscribe requests come in
cryptographically signed (maybe only if the original request was
cryptographically signed).  For those "insecure" subscriptions, give
the user a password that they can change (and hopefully remember), but
that have to be used any time they want to change their subscription
status on the list (i.e., they could probably change from digest mode
to reflector mode without requiring the password, but setting "NOMAIL"
would require the password).


    As for the relay problem, I think the key is to be able to set a
database that defines domains that you choose to relay to and/or from
(or choose not to relay to and/or from, as the case may be), and then
build into check_compat() the necessary robust code to enforce those
rules.


    Combine these, and I think you deal with the majority of the spam
and velveeta generated today.  Then you get to have fun with junkmail
and people who forge bogus headers so that they don't ever have to
worry about dealing with any of their bounces or the expensive job of
cleaning up their mailing list.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMW6MwiG1aeLjjM7xAQFyAAgAiBemNc6xiFrqr+RTJ+Np6tdNULnJx7d7
EpRFT7oN50sHV5E0uj0Dn3nEWBHVMykyn1VxHAn0/cM1O6R18nHMR6z8HqF59V48
erH4lk/hiVB31Loip0EdpeaBlQr9Ud48yQ7c62+hjhgo1984q/HRsvZWiRLcXPvE
i4DtXYAsR1OXpJYJAR4CJTbI4Ui79cYUjYmJ1f3uvboLaqT1RmFL2gcEta6Tg2YG
v39syj7+yoU94GozpBRdSzNpcLftLZb2QoHiKIc/A5jqw6jzQ0yEr+49iXtRBtBa
XP59dmX45oqE0uT+k2ZO/VOEI99TJiDulSvw0ayF2wGTj4P5M7BQPQ==
=Eapg
-----END PGP SIGNATURE-----

-- 
Brad Knowles                           MIME/PGP: BKnowles@aol.net
    Mail Systems Administrator        <http://www.his.com/~brad/>
    for America Online, Inc.                   Ph: (703) 453-4148
	PGP keys available from pgp-public-keys@pgp.ai.mit.edu


References:
Indexed By Date Previous: Re: About the magazine spam
From: "Brad Knowles" <brad@azathoth.ops.aol.com>
Next: Subscriber not here
From: Rae French <rfrench@teleport.com>
Indexed By Thread Previous: Re: About the magazine spam
From: James Lick <jlick@shoreside.com>
Next: Re: About the magazine spam
From: srb@cuci.nl (Stephen R. van den Berg)

Google
 
Search Internet Search www.greatcircle.com