-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Tue, Sep 23, 2003 at 01:16:38PM -0600, Jacob Anawalt wrote: > To me the big question is how do I avoid the spam in the first place, > besides avoiding email all together?
Become an extremely hostile target. Report all mail and news abuse ASAP. http://spamcop.net/ and http://www.abuse.net/ are both excellent resources for getting ahold of admins. If you run your own mail server, exim has excellent controls for curbing spam. exim4 and sa-exim work beautifully together. I'd love to know how to get clamav to work, maybe this would be a good feature for sa-exim. > We've all done or seen people do this: jacob at cachevalley dot com, > [EMAIL PROTECTED], [EMAIL PROTECTED], etc. Munging considered harmful. http://www.interhack.net/pubs/munging-harmful > I've already mentioned the web authorization idea and the rotate your > email address on some schedule ideas in another thread. Challenge-response considered harmful, read the archives. Rotating your email address is another great way to lose legitimate email without affecting the problem itself. > I've even seen a web site go so far as to use a .js file function to > put together the email address from a bunch of fragments when you > click the mailto link. That would take more work to parse, but it is > still possible by having an email grabbing webbot that can run > javascript. Not to mention break the functionality for people who do not have JS capable browsers. > The mail server would need to have access to my personal list of > acceptable email addresses so it could give a 550 with the appropriate > extended SMTP code for unauthorized/security and an appropriate error > message after the HELO and MAIL FROM and RCPT TO: have been given. It > should only do this for mail accounts that have entries in the safe list. > If your list is empty, all email is valid. If you have one or more > entries, only those ones can send you email. spamassassin does something similar with sa-exim. > If you're sick of getting swamped (as a user or admin) wouldn't this setup > be usefull? An ISP could encourage users to use [EMAIL PROTECTED] for > email addresses that are going to be used on usenet or public mailing > lists. The new email address could just dump into the real address after > the mailing list rules were validated, or it could be it's own account and > mailbox. Variation on munging... > The sad part is that I've already squandered my username at this email > address by putting it where it can be harvested in mass by worm/virus and > UCE/UBE collection scripts, and I had already read an article cautioning > me against this. Oh well live and learn (someday I'll learn anyway.) I've had this email address for about a year, and before that, I had [EMAIL PROTECTED] for about 6 years before a buddy bought me a Canadian domain name for me. Don't hide, *TAKE ACTION*. - -- .''`. Paul Johnson <[EMAIL PROTECTED]> : :' : `. `'` proud Debian admin and user `- Debian - when you have better things to do than fix a system -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.3 (GNU/Linux) iD8DBQE/c/gmUzgNqloQMwcRApExAJ4xnFfHTu4F9M97qDL0Qqb5GCLQswCg2t2f HTubkUQtstseTVZBUR955dk= =r6Ev -----END PGP SIGNATURE----- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
