[EMAIL PROTECTED] wrote:
"Fred Williams" <[EMAIL PROTECTED]> wrote:
How about some form of automated(?) sequence where:
New subscriber submits subscription request.
System sends "query" message to subscriber address.
New subscriber sends "confirmation" message within reasonable time
period.
List access granted on receipt of confirmation.
At least the damn spammer would have to do a little work to be a bottom
feeder. Too bad there must be an endless number of idiots out there (P
T Barnum postulation) or the problem would self regulate.
Such a system is already in place. Please recall when you
signed up that you got a confirmation message that you had
to reply to before you were added to the mailing list.
And yet somehow, the spammer still managed to get signed up
using a "paypal.com" address. How did they do that?
--
D. Richard Hipp <[EMAIL PROTECTED]>
Is it possible to spoof the reply message? Even if it is lost the
villain sends what you expect the response would be, including the
spoofed header.
It could be a classic "Man in the Middle" attack where the culprits are
actually intercepting mail by some corrupt practice. Spammers have
become very cunning and a lot of money is involved.
Could you implement the type of challenge that is becoming common where
you send an image with distorted text and require a visual decoding of
the text in the reply for validation? That would eliminate valid
machine-generated responses. Does pose a text-only problem, solved with
a WWW link.
One other idea might be to have a regular challenge email requiring a
reply to maintain the account. A rule such as "fail three consecutive
challenges and you are deleted" would be necessary to avoid eventually
deleting all users. A gentler variation might be to not remove the user
but to make that user read-only by removing posting rights, preserving
the rights of casual readers but denying access to spam.
JS
