From: kevin lyda (kevin+dated+1027849246.18f3b4 at domain linux.ie)
Date: Mon 22 Jul 2002 - 10:40:55 IST
On Sun, Jul 21, 2002 at 11:12:34PM +0100, Paul Jakma wrote:
> oh yes, see you've setup that tdma thingy, so here's a thought. do
> you reckon spammers (or the software they use) is/are smart enough to
>
> s/\(.\)+\+.* at domain \([a-zA-Z\.0-9\-]\)/\1 at domain \2/
>
> on email addresses? it's a fairly old trick, so i dont see why they
> wouldnt.
the dated address that my from appears as is a good address for five days
for anyone. after that it requires a confirm message from the sender.
my regular email address requires a confirm address if i haven't
explicitly given permission to the sender.
and yes, spammers could try to set up a system to reply to my confirm
messages, but that would require them to a) give out a valid email address
in their From headers, and b) use a lot more bandwidth then they do now
(thereby costing them more money).
oh, and they can't forge confirm messages. the confirm message system
works something like this:
message goes in the pending q and is assigned an id.
that id is encrypted and used to create the from address of the
outgoing confirm mail - kevin+confirm+kghdsfg at domain ie.suberic.net
only a message to that address will work to free the message from
the q (or i can free it using tmda-pending).
all of this is discussed on http://tmda.sf.net/
kevin
-- kevin at domain suberic.net that a believer is happier than a skeptic is no more to fork()'ed on 37058400 the point than the fact that a drunken man is happier meatspace place: home than a sober one. the happiness of credulity is a http://ie.suberic.net/~kevin cheap & dangerous quality -- g.b. shaw
This archive was generated by hypermail 2.1.6 : Thu 06 Feb 2003 - 13:18:00 GMT