Sender: crough45 AT amc DOT de Date: Tue, 15 Apr 1997 11:26:41 +0100 From: Chris Croughton Mime-Version: 1.0 To: Anthony DOT Appleyard AT umist DOT ac DOT uk Cc: DJGPP AT delorie DOT com Subject: Re: Spam Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Message-Id: <97Apr15.122411gmt+0100.21896@internet01.amc.de> Anthony.Appleyard wrote: > User X sends a message to techdiver. > Techdiver bounces the message to X's apparent email address, with an >instruction to send back within 2 days or so a special instruction authorizing >the message, with a serial number which varies unpredictably between messages. > User X sends that authorizing message, with the serial number statedq as a >parameter. > Techdiver THEN circulates the message. > >This eliminates all spammers etc who put false From: addresses on their >messages. And probably eliminates 90% of the legitimate traffic as well. It's like putting 19 locks on your front door, after a while it gets cheaper to move somewhere else. It also reminds me of one proposal during WW2. To stop enemy paratroops it was suggested that the airfields be covered with spikes. Of course, this might have an effect on the aircraft you want to land; the reponse was "wouldn't it be simpler to surrender first?". If I had to respond and authenticate every message I sent I'd pretty soon just not bother, and set up a FIDO node instead. The delay's bad enough as it is with some email servers (not delorie.com, admittedly, this one's about the fastest I've seen; I'm on one from std.world.com which can take a day just to transfer a message internally)... A better way that I've seen is only to accept messages from subscribed addresses. That still doesn't stop people forging 'from' lines but it does mean that they have to do more work and it's generally not worth them doing it. Chris