Cenzic 232 Patent
Paid Advertising
sla.ckers.org is
ha.ckers sla.cking
Sla.ckers.org
Ways to stop spam, detect robotic activity, and actually harm the spam trade, as well as how it works, how to circumvent filters, etc. 
Go to Topic: PreviousNext
Go to: Forum ListMessage ListNew TopicSearchLog In
an idea what about it?
Posted by: jungsonn
Date: November 11, 2006 04:44AM

spam sucks, more spam sucks even more.
i've seen a weird trend lately that my personal email adress is on phishingschemes, paypal pyramids, newsgroup free i-pod garbage etc, dunno why but that sucks. I don't get alot of spam btw, think 99% is filtered, still i have an idea, dunno if it's allready outhere.

When making an email someplace, i think if there is a website between the 2 parties that authenticate users to contact you via a onetime pincode, if they have given the pin, the users gets a signiature which then authenticates againt the emaillist and my email account, so no one is allowed to email me unless they got a pin from the special made website who hadles these issues. It's a onetimer only, so not much trouble to do it. After that one can email me forever, unless i go again to that site and block hem or her, then that users will need a new pin but does not get it, cause he or she is blocked.

makes sense? :))

Options: ReplyQuote
Re: an idea what about it?
Posted by: nEUrOO
Date: November 11, 2006 01:27PM

You think about a big service by mail providers which can give or not some kinds of tokens for any users to send email to you ?

If I'm right, it looks like captcha.
Validate your session, while it's valid, flood...
You can be spam until you report it's a spam, that's only need a user/bot that retrieve the pin code I guess.

nEUrOO -- http://rgaucher.info -- http://twitter.com/rgaucher

Options: ReplyQuote
Re: an idea what about it?
Posted by: jungsonn
Date: November 11, 2006 01:47PM

Yeah somthing like it, only i must "flag" the users email when he request a PIN, so nothing can be send to me without my permission. So he could flood my box, but then i "flag" him false in the sys. and that's that, don't think spammers would take such workarround for 1 email?

Options: ReplyQuote
Re: an idea what about it?
Posted by: nEUrOO
Date: November 11, 2006 01:53PM

If there is some notion of cooperation between spammers, there could be.
(one email address can send to you lots of real spam content in lots of email...)

But by the way, I think this kind of techniques that try to test that it's a human... is not a very good orientation for the long term (even if it can be nice for a short life forum/cms/etc.)

nEUrOO -- http://rgaucher.info -- http://twitter.com/rgaucher

Options: ReplyQuote
Re: an idea what about it?
Posted by: maluc
Date: November 11, 2006 02:19PM

maybe i misread, but what i got from it is that he wants to keep only a whitelist of valid email addresses that can send emails to him.. which can already be done manually in many email providers filters section. This solution won't work for everybody though. If its your primary work one and you email many clients or strangers.. expect some non-delivered replies from them :/

It will indeed cut down on the spam you receive, significantly. but also makes you much harder for friends/clients to contact. But i agree it would be nice as an option.. instant message programs all already have this optional whitelist feature - email providers should consider it.

By the way though, like most security-thru-obscurity ideas, spammers will get around it should it catch on. Since this is the email equivalent to a referrer check + cookie check.

-maluc

Options: ReplyQuote
Re: an idea what about it?
Posted by: jungsonn
Date: November 11, 2006 02:33PM

I made a little flowchart to visualize it:


Options: ReplyQuote
Re: an idea what about it?
Posted by: jungsonn
Date: November 12, 2006 07:26AM

Maluc:
Quote

maybe i misread, but what i got from it is that he wants to keep only a whitelist of valid email addresses that can send emails to him.. which can already be done manually in many email providers filters section. This solution won't work for everybody though. If its your primary work one and you email many clients or strangers.. expect some non-delivered replies from them :/

Totally block all mail, send a reply message where they can sign for a key, when they got a key, it's is macthed against his/her e-mail, so next time they can e-mail me forever until i "flag" their key false again in my admin. :)

Quote

It will indeed cut down on the spam you receive, significantly. but also makes you much harder for friends/clients to contact. But i agree it would be nice as an option.. instant message programs all already have this optional whitelist feature - email providers should consider it.

Yes, but a onetime key request, doesn't seem to much of a fuss i guess. If they really wanna mail me, they can do that also for one time only.

Quote

By the way though, like most security-thru-obscurity ideas, spammers will get around it should it catch on. Since this is the email equivalent to a referrer check + cookie check

Not quite, the email is being send to the "keymaker" or "maintainer" like: mynewemail@keymaker.com, and by default everything is blocked, until i log into it and flag the e-mails who may send me mail.

That's about it of my idea.

Options: ReplyQuote
Re: an idea what about it?
Posted by: maluc
Date: November 12, 2006 08:10AM

well you do realize that email addresses can be forged at will right..? i get spam everyday coming from security@paypal.com and tonyblair@parliament.co.uk

should it become commonplace, it's only a matter of time before spammers start obtaining whitelists for each email of return addresses to spoof. Furthermore, worm spams will go unhampered.

As a personal defense for spam it should work great though. But for myself, i send just as many emails to non-friends as i do for friends. So it isn't very feasible for me n others with similar habits.

Oh, a side benefit (or annoyance), is that you can't use this email for signing up for new accounts/forums at websites. So hopefully it will keep your email off spam lists to begin with. ^^

-maluc

Options: ReplyQuote
Re: an idea what about it?
Posted by: jungsonn
Date: November 12, 2006 11:10AM

Yeah i understand what you mean, though with _sending mail_ this is not a problem, only when they first want to e-mail you then there is that extra onetime step.

you could modify records (domains) for a short period (say an hour) in your admin before signing up at a boards. but there are many free emailaccount sites which you can use it for, it's not a good way to store those signup mails anyway in your personal account.

so yeah, i don't see that much limitation.
the strangest thing i thought about is that we must sign into sites to contact people etc, but email is always way open for everyone, thats why SPAM.

i dunno, im willing to make a little step to get a pin and be relieved of spam till the end of my days, seems worth it for me.

Options: ReplyQuote
Re: an idea what about it?
Posted by: apnovi
Date: December 08, 2006 08:16AM

Interesting, im sure i have seen or heard of this idea else were...

I might be wrong..but

If you block all email by default then ask for confirmation of the senders address by some key or code...that might work on a small scale.

What if mail company A and B both run this system, if someone from company A emails someone from Company B neither company will receive the mail because both email systems require validation before accepting and passing on the email.

Options: ReplyQuote
Re: an idea what about it?
Posted by: jungsonn
Date: December 08, 2006 08:59AM

Correct.

Only it's a onetime proposal, the mail is being accepted, only it requires a onetime code only. So, when requested and accepted the mail is forwarded. Then, if this is an abuser you simply block their mail access in your admin.

I'm sure there are many unseen hooks in it, like falsified mail, or mail spoofing, but it could be overcome by some good engineering I think.

Options: ReplyQuote
Re: an idea what about it?
Posted by: bodil
Date: April 08, 2007 03:22PM

Im not sure i quite follow you, why would a key work better as identification than just the mail address? I mean, why not just make a white list with mail addresses instead of PINs?

Options: ReplyQuote
Re: an idea what about it?
Posted by: FR3DC3RV
Date: April 09, 2007 04:55AM

What about if i send a mail to myself?

-------------------------------
http://fr3dc3rv.blogspot.com

Options: ReplyQuote


Sorry, only registered users may post in this forum.