Login | Register For Free | Help
Search for: (Advanced)

Mailing List Archive: exim: dev

Passive Spam Revocation

  

 
exim dev RSS feed   Index | Next | Previous | View Threaded


yaoziyuan at gmail

Oct 25, 2009, 6:32 PM

Post #1 of 7 (264 views)
Permalink
Passive Spam Revocation
Passive Spam Revocation (PSR)

Currently almost all mail systems (e.g. Hotmail and Gmail) use a spam
filter, which can drop good and important messages.

I propose an optional feature for current mail systems. The main idea
is if a message is considered spam, this spam status can be tracked by
the sender (but not sent to him directly, as the From field can be
faked). The message can be re-marked as "not spam" if the sender can
solve a CAPTCHA.

STEP 1: A is going to send B a message. A's mail client generates a
random code and puts it in a custom field in the outgoing message's
header:
Code: <random code>
STEP 2: A's mail client sends the message, waits 30 seconds, and then visits:
https://spamstatus.<B's mail domain>/?msgid=<Message-ID>&code=<Code>
This page displays one of these possible "spam statuses":
* MESSAGE CONSIDERED SPAM. (A CAPTCHA is also presented below.)
* MESSAGE CONSIDERED NOT SPAM.
* PENDING. PLEASE TRY AGAIN LATER.
* All other responses mean B's mail system doesn't support this feature.
In the first case, A's mail client will report the status and the
CAPTCHA to A. A can choose to solve the CAPTCHA to prove the message
is not spam.

Like the idea? Here is the official Google group for it:
http://groups.google.com/group/passive-spam-revocation

Regards,
Yao Ziyuan
http://sites.google.com/site/yaoziyuan/

--
## List details at http://lists.exim.org/mailman/listinfo/exim-dev Exim details at http://www.exim.org/ ##


johannes at sipsolutions

Oct 26, 2009, 12:40 AM

Post #2 of 7 (249 views)
Permalink
Re: Passive Spam Revocation [In reply to]
On Mon, 2009-10-26 at 09:32 +0800, Yao Ziyuan wrote:

> I propose an optional feature for current mail systems. The main idea
> is if a message is considered spam, this spam status can be tracked by
> the sender (but not sent to him directly, as the From field can be
> faked).

Umm, that's what error codes and error texts exist for. Legit mail
servers will send the error message from the target back to their
client. Now, if there was an effort to formalise an error code for this,
that might be useful.

This idea is dumb as it requires extra work beforehand. 30 seconds are
also way too low.

johannes
Attachments: signature.asc (0.78 KB)


simon at arlott

Oct 26, 2009, 12:42 AM

Post #3 of 7 (251 views)
Permalink
Re: Passive Spam Revocation [In reply to]
On 26/10/09 01:32, Yao Ziyuan wrote:
> Currently almost all mail systems (e.g. Hotmail and Gmail) use a spam
> filter, which can drop good and important messages.

Only by flawed design. There's a 5xx SMTP response which could very
clearly indicate that it was spam.

> In the first case, A's mail client will report the status and the
> CAPTCHA to A. A can choose to solve the CAPTCHA to prove the message
> is not spam.

This only proves that a human or sophisticated program solved the CAPTCHA.

--
Simon Arlott
Attachments: smime.p7s (3.55 KB)


johannes at sipsolutions

Oct 26, 2009, 1:09 AM

Post #4 of 7 (248 views)
Permalink
Re: Passive Spam Revocation [In reply to]
On Mon, 2009-10-26 at 07:42 +0000, Simon Arlott wrote:
> On 26/10/09 01:32, Yao Ziyuan wrote:
> > Currently almost all mail systems (e.g. Hotmail and Gmail) use a spam
> > filter, which can drop good and important messages.
>
> Only by flawed design. There's a 5xx SMTP response which could very
> clearly indicate that it was spam.

I do this -- and I find that unfortunately some upstream servers
(especially large hosters) don't display the message to their users. So
far I've gotten away with calling it their problem, since due to good
safeguard measures so far it has happened in only two instances (that I
know of) in a few years of operation that good mail was rejected by the
system.

I wonder -- a quick search showed me rfc 3463, but I never heard of that
before -- does anything implement that?

johannes
Attachments: signature.asc (0.78 KB)


yaoziyuan at gmail

Oct 26, 2009, 2:02 AM

Post #5 of 7 (248 views)
Permalink
Re: Passive Spam Revocation [In reply to]
On Mon, Oct 26, 2009 at 9:32 AM, Yao Ziyuan <yaoziyuan[at]gmail.com> wrote:
> Passive Spam Revocation (PSR)
>
> Currently almost all mail systems (e.g. Hotmail and Gmail) use a spam
> filter, which can drop good and important messages.
>
> I propose an optional feature for current mail systems. The main idea
> is if a message is considered spam, this spam status can be tracked by
> the sender (but not sent to him directly, as the From field can be
> faked). The message can be re-marked as "not spam" if the sender can
> solve a CAPTCHA.
>
> STEP 1: A is going to send B a message. A's mail client generates a
> random code and puts it in a custom field in the outgoing message's
> header:
>    Code: <random code>
> STEP 2: A's mail client sends the message, waits 30 seconds, and then visits:
>    https://spamstatus.<B's mail domain>/?msgid=<Message-ID>&code=<Code>
> This page displays one of these possible "spam statuses":
>    * MESSAGE CONSIDERED SPAM. (A CAPTCHA is also presented below.)
>    * MESSAGE CONSIDERED NOT SPAM.
>    * PENDING. PLEASE TRY AGAIN LATER.
>    * All other responses mean B's mail system doesn't support this feature.
> In the first case, A's mail client will report the status and the
> CAPTCHA to A. A can choose to solve the CAPTCHA to prove the message
> is not spam.

Showing a message's spam status to the sender can be bad, if he is
really a spammer. So the page can also return:
* SPAM STATUS HIDDEN. (A CAPTCHA is also presented below.)
This means the sender can solve the CAPTCHA to see the status and
change it to NOT SPAM.

>
> Like the idea? Here is the official Google group for it:
> http://groups.google.com/group/passive-spam-revocation
>
> Regards,
> Yao Ziyuan
> http://sites.google.com/site/yaoziyuan/
>

--
## List details at http://lists.exim.org/mailman/listinfo/exim-dev Exim details at http://www.exim.org/ ##


renaud at allard

Oct 26, 2009, 2:07 AM

Post #6 of 7 (249 views)
Permalink
Re: Passive Spam Revocation [In reply to]
Yao Ziyuan wrote:

>
> Showing a message's spam status to the sender can be bad, if he is
> really a spammer. So the page can also return:
> * SPAM STATUS HIDDEN. (A CAPTCHA is also presented below.)
> This means the sender can solve the CAPTCHA to see the status and
> change it to NOT SPAM.
>

So does that mean that you will send a captcha to every user sending a
mail? And for each mail sent, you will have to fill the captcha?
Attachments: smime.p7s (5.01 KB)


renaud at allard

Oct 26, 2009, 2:53 AM

Post #7 of 7 (243 views)
Permalink
Re: Passive Spam Revocation [In reply to]
Yao Ziyuan wrote:
> On Mon, Oct 26, 2009 at 5:07 PM, Renaud Allard <renaud[at]allard.it> wrote:
>>
>> Yao Ziyuan wrote:
>>
>>> Showing a message's spam status to the sender can be bad, if he is
>>> really a spammer. So the page can also return:
>>> * SPAM STATUS HIDDEN. (A CAPTCHA is also presented below.)
>>> This means the sender can solve the CAPTCHA to see the status and
>>> change it to NOT SPAM.
>>>
>> So does that mean that you will send a captcha to every user sending a
>> mail? And for each mail sent, you will have to fill the captcha?
>>
>
> Of course not. a CAPTCHA is presented at a URL only if the message is
> considered spam. The sender's mail client knows that URL, and if the
> sender can solve the CAPTCHA, the message is re-marked as not spam.

Then, if the sender receives the captcha, he knows it has been
categorized as spam, so he does not have to solve the captcha to know that.
Attachments: smime.p7s (5.01 KB)

exim dev RSS feed   Index | Next | Previous | View Threaded
 
 


Interested in having your list archived? Contact lists@gossamer-threads.com
 
  Web Applications & Managed Hosting Powered by Gossamer Threads Inc.