NYCPHP Meetup

NYPHP.org

[nycphp-talk] SPAM tank

Steve Manes smanes at magpie.com
Mon Oct 27 07:26:47 EST 2003 

Shawn Lawyer wrote:

> About two years ago I came up with a simple way to eliminate Spam. I stopped
> collecting all traditional email and directed anyone who desired to
> contacted me to visit the contact section of my website. Here they were
> instructed to either login or apply for right to contact me electronically.
> This was a solution worked for fundamental purposes, stopping all Spam.
> ...
> 
> Needless to say, I started collecting my email again. I feel though, through
> wide scale participation, all the hassle can be eliminated. It would require
> a WS type architecture for the mailing lists and a completely new standard
> for email retrieval and sending, but is certainly possible. Anyone up for a
> project? Heh.

This is basically the whitelist approach taken by ISPs like Earthlink. 
It's also available as off the rack software, TMDA (http://tmda.net/). 
It's fine for casual email use where email isn't a critical path for the 
end user.  But there are inherent problems with it, for instance how do 
you deal with machine generated email like double-opt confirmations, 
notifications of ecommerce purchases, warnings like domain name 
expiration notices and of course bounce mail from mailer daemons telling 
you that your intended recipient doesn't exist?  For all practical 
purposes you can't preauthorize these sending addresses.

Another problem exists when you have two users with whitelists trying to 
contact each other.  In a badly designed system you could have an 
endless loop as the two whitelists fired off confirmation messages to 
each other.  Otherwise, one side is waiting for the other to do 
something before either party knows that a communication attempt has 
been made.

In the end, you need to queue those unauthorized contacts somewhere and 
inspect them periodically for "good" mail, but that's essentially what 
you do with a procmail or bayesian spam filter.  In the end, you still 
have to visit that "spam" folder to make sure that no "good" fish got 
caught in the net.

More information about the talk mailing list