
Re: [Asrg] Please critique my anti-spam system



On Jan 10 2005, Peter J. Holzer wrote:
> 
> > Only the list expander knows the subaddress. Michael's MUA sends mail
> > to the main address, which replies with a CAPTCHA.
> 
> That's not the way I understood that it works.
> 
> ISACS rewrites all outgoing mails to contain a unique subaddress for
> each recipient. Thus all your mails to the mailing-list will contain
> your subaddress for the recipient asrg at ietf.org, (e.g. <laird.123 at ...>),
> not your main address <laird at ...>.
> 
> When Michael hits the group reply button, his MUA will take the
> addresses from the headers and compose a mail to <asrg at ietf.org> and
> <laird.123 at ...> (It doesn't know that this is a subaddress, nor what the
> main address is).
> 

I didn't think it would be this way, as that would make spam attacks so much
easier.

Consider the following: I give a subaddress laird.123 at ... to
the ASRG mailing list. I now send a message to the list.

1) If the ASRG expander forwards my subaddress laird.123 at ... to everybody
on the list, then everybody knows my subaddress and can send me mail without
being filtered. Moreover, the public archives at

http://news.gmane.org/gmane.ietf.asrg.filtering/

now list the subaddress laird.123 at ... , so anyone on the internet can send
me mail without being filtered.

2) If the ASRG expander censors my subaddress, i.e. claims the mail is from
laird at ..., then anybody replying to me privately must still pass a CAPTCHA.
But at least the list expander is the only entity which can use the unfiltered
subaddress.

-- 
Laird Breyer.
