One alternative to changing the email address is to have a nonce
which must appear in the post for it to be forwarded to end users.
Change it once a month or so. Make it either a random string of
digits, or a string unlikely to occur in a post by accident.
The point here is not to prevent individual posts, but rather to stop
mass machine-generated spam. The mass mailers, while having
some flexibility (for example, providing a bogus From: header
which changes with each message), don't have rulesets
capable of arbitrary per-recipient customization beyond the
"Dear Cypherpunks:" level.
If we implemented a rule that said that valid posts must contain
the year and month in the Subject line (eg '[0005]' as this post
does) we'd get rid of 99 98/100s % of the spam. If a server receives a
message which does not contain the string, toss it and return
a message explaining the policy. Users sending anonymously
won't recieve it, but are generally clueful enough to figure out the
policy. (After all, they read the list somehow).
There are a number of Usenet newsgroups where the spam level
has risen to such a level that a similar policy has been instituted:
the newsgroup's initials appears in the subject lines of 'real' posts.
I have never seen spam which spoofed this mechanism,
even though the nonce is static over a span of years.
This a bit like putting the 'Club' antitheft device on a car. It won't
stop a really *determined* bad guy, but will thwart the vast
majority of them. It's also easy to implement at the CDR nodes.
Peter Trei
> ----------
> From: Tim May[SMTP:[EMAIL PROTECTED]]
> Reply To: Tim May
> Sent: Friday, May 05, 2000 2:23 PM
> To: [EMAIL PROTECTED]
> Subject: Options for list filtering
>
>
> (I'm not worried about being called a communists or a pedophile for
> commenting on this issue. Nor am I worried about being called a
> communist _by_ a pedophile. Or vice versa.)
>
>
> At 12:29 PM -0500 5/5/00, Declan McCullagh wrote:
> >Eric is correct that the list was created that way, and operated
> >that way, for historic reasons. But now it seems like the costs may
> >exceed the benefits. I suggest losing the old email addresses
> >(toad.com, cyberpass.net, ssz.com) and having those messages routed
> >to a web site or info dump that can be publicly perused.
> >
> >The "new" or "active" cypherpunks list would consist of the same
> >subscriber list and have the same distributed setup; it would simply
> >have different email "entry points." So to send mail, you'd need to
> >know to send to [EMAIL PROTECTED] That at least might
> >reduce spam.
> >
>
> I support periodic name changes. This is one reason people sometimes
> change their usernames and/or ISPs: they've gotten on too many spam
> lists. Or their phone numbers. Or in extreme cases, their countries.
> A fresh start is sometimes needed.
>
> This has happened to the Cypherpunks list. Not only are list
> harvesters finding the various Cypherpunks list names (algebra, toad,
> cyberpass, ssz, etc.), but the "union of all posts" strategy of the
> CDR ensures spam to any of the addresses reaches us all. Harvesters
> have literally had years to find various Cypherpunks list addresses.
>
> The repugnance toward content filtering, except when voluntarily
> arranged for, is laudable. We saw in years past that nominally benign
> "moderation" can easily degenerate into partisan filtering of
> opposing views. UNDER NO CIRCUMSTANCES should the root CDR nodes
> filter messages by body text content.
>
> However, there's nothing that says the Cypherpunks list has to have a
> persistent address, with a time constant of years. A name change
> every quarter or so, with existing subscribers carried over to the
> new name, would help with advertising spam.
>
> What about people who discover the Cypherpunks list from some old
> "Wired" article which gives the subscription info? This is usually
> going to be the "[EMAIL PROTECTED]" old address, and the majordomo
> variants. Those who use that address can be bounced a message telling
> them the latest list addresses. (This is some work by someone...I'm
> not volunteering John or Hugh or anyone else to do this. However, at
> some point the use of the ancient toad.com address was supposed to go
> away anyway...right now it's adding a lot of noise to our system.
> Perhaps it is time for the other CDR nodes to pull the plug on
> accepting posts sent to the toad.com address.)
>
> A second possibility is to do what many lists do: only allow posts by
> subscribers.
>
> What about remailers and other anonymous posts? The addresses of all
> known CP/Mixmaster/Freedom services could be added to the list of
> allowed posts. This means a devious spammer could still get through,
> but so much the better (at least he's using good technology!).
>
> This would screen out Hotmail, My-Deja, and similar "weak tech"
> pseudo-anonmyizers, but this is also so much the better.
>
> I'm generally inclined toward letting those who want filtering of any
> sort to subscribe to filtering services. However, spam and posts from
> those with absolutely no links to the CP community are now the bulk
> of messages (at least it seems this way to me when I delete a dozen
> such messages and only read a handful that are left).
>
> At some point it makes some sense to use _non-content_ filtering.
> Changing the names periodically will cut out a lot of past-harvested
> addresses. Only allowing posts by subscribers and via strong
> remailers will do the same.
>
> --Tim May
>
> --
> ---------:---------:---------:---------:---------:---------:---------:----
> Timothy C. May | Crypto Anarchy: encryption, digital money,
> ComSec 3DES: 831-728-0152 | anonymous networks, digital pseudonyms, zero
> W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets,
> "Cyphernomicon" | black markets, collapse of governments.
>
