Sender: crough45 AT amc DOT de
Date: Tue, 15 Apr 1997 11:26:41 +0100
From: Chris Croughton <crough45 AT amc DOT de>
Mime-Version: 1.0
To: Anthony DOT Appleyard AT umist DOT ac DOT uk
Cc: DJGPP AT delorie DOT com
Subject: Re: Spam 
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-Id: <97Apr15.122411gmt+0100.21896@internet01.amc.de>


Anthony.Appleyard wrote:

>  User X sends a message to techdiver.
>  Techdiver bounces the message to X's apparent email address, with an
>instruction to send back within 2 days or so a special instruction authorizing
>the message, with a serial number which varies unpredictably between messages.
>  User X sends that authorizing message, with the serial number statedq as a
>parameter.
>  Techdiver THEN circulates the message.
>
>This eliminates all spammers etc who put false From: addresses on their
>messages.

And probably eliminates 90% of the legitimate traffic as well.  It's
like putting 19 locks on your front door, after a while it gets cheaper
to move somewhere else.

It also reminds me of one proposal during WW2.  To stop enemy paratroops
it was suggested that the airfields be covered with spikes.  Of course,
this 
might have an effect on the aircraft you want to land; the reponse was
"wouldn't it be simpler to surrender first?".

If I had to respond and authenticate every message I sent I'd pretty
soon
just not bother, and set up a FIDO node instead.  The delay's bad enough
as it is with some email servers (not delorie.com, admittedly, this
one's
about the fastest I've seen; I'm on one from std.world.com which can
take
a day just to transfer a message internally)...

A better way that I've seen is only to accept messages from subscribed 
addresses.  That still doesn't stop people forging 'from' lines but it
does mean that they have to do more work and it's generally not worth
them doing it.

Chris