| Who does not know about SPAM? Those email-messages nobody ever requested,
promising instant wealth without having to work for it, those messages
introducing products none ever asked for or even daring to ask for,
or even those messages trying to sell us lists of email-adresses to send
spam to?
I for my part know about them and hate them. Even though I strictly do
everything possible to filter out SPAM as soon as it lands on my server
(SpamAssassin proved to be very
helpful but unfortunatly does not work so well with SPAM not sent in english),
there are somme messages passing through. Even more: Receiving SPAM, even
though never put before my eyes, uses bandwith and thus, costs money.
Filtering SPAM even before it is accepted by the mailserver turns out
to be difficult as not that much information is avaliable before the
message has actually been reveived (I am no fan of RBL-checks as I know
of many providers that had a relay-problem, fixed it, but cannot get
out of the list).
So my solution goes one step further back in the chain of events:
Back to the sender and back to where the sender has my adress from.
My Email-Adress is visible at the bottom of every page here at pilif.ch,
and I am communicating with the Adress in the Reply-To-Header in my
postings to newsgroups (the FROM-Header is kind of special but this
has not proven to be well-working).
What if I can create email-Adresses that a legitimate person can
send email to but a spammer cannot? That would be a solution: SPAM sent
to those adresses could be blocked of with an "user unknown" error while
Mail from legitimate users could pass through.
My Perl-Script explained below goes to this direction as it allows you
to create adresses that are valid only for certain time period or for
a certain amount of message receptions. If you find this adress somewhere;
in the usenet or on my webpage (I did not yet have the time to change
all the adresses on this page), you can send an email to it. On the
server-side, it is checked, whether the address is still valid (timely)
and if so, you reach me. If not, my MTA will bounce the message with
an "user unknown"-Error, but will be adding some human-readable-information
how to get a new, valid email-address (here on this webpage).
The same story with services that require my registration. I just create
an adress valid for, say, 20 minutes and one message sent to it. The
service will send the adress-validation-message to the adress and it will
get through to me. If the service sends another message, the send-count
will have reached zero and the MTA will reject the message with "user
unknown".
Sounds nice, doesn't-it?
Thiss article presents a small script for encoding and checking
adresses to be plugged in your MTA. How this is achieved with my MTA,
Exim, will be subject of an article to
follow.
|