Subject: | |
From: | |
Reply To: | |
Date: | Sun, 24 Aug 1997 22:59:07 -0400 |
Content-Type: | text/plain |
Parts/Attachments: |
|
|
One of my lists has the following problem. I suspect that (a certain class
of) spammers subscribe and lurk on the list (never posting anything to the
list) in order to collect the E-Mail addresses of the active posters. Every
once in while, one of these people will send a spam message - not through
the list - but directly to all the addresses that they have collected. The
spam E-Mail is not sent from the address at which they are subscribed, but
rather from a different address - so that it is not possible for me to be
sure which (lurking) subscription was used to collect the addresses for the
spam. (This sounds paranoid. In fact, I can't be positive that this is what
is happening - but I am pretty sure that it is.)
First, how can I best deal with this using current LISTSERV (1.8c) features?
Second, here is my suggestion for new functionality in LISTSERV to help me
with this problem. Please enter this into your list of formal enhancement
requests.
1. Associate a unique hash code (perhaps 64-bits long) with each E-Mail
address in the site's Address/Name register.
2. Have a per-subscriber option (possible named "Anonymous") controlling
whether the "From" header of messages posted by that subscriber gives the
subscriber's Name and E-Mail address or the List's Name and E-Mail address
plus the subscriber's hash code. (I was thinking of this for a list that
has "Send= Private". For a list that has "Send= Public", you could ignore
this (on the grounds that non-subscribers cannot set this option) or you
could have a list header keyword that controls this for non-subscribers
(analogous to "Ack="). If the option were to apply to non-subscribed
posters, you would have to search the Address/Name register to see if that
poster was known (and hence had a hash code assigned). If the
non-subscribed poster was not already in the Address/Name register, he
would have to be added.)
3. The hash code assignments would be reasonably permanent. They would
survive turning on or off the "Anonymous" option described in the previous
paragraph. They would survive signing off from and then re-subscribing to a
list. They would be common across all the lists at a particular site. The
hash code would be a hash function of (only) the E-Mail address - adjusted
in case of a collision. So if a user executed a "Register Off" command
followed by a "Register Full Name" command there would be a very good
chance that he'd get the same hash code he had before. (The only thing
preventing getting the same hash code would be if he had originally hit a
collision that no longer exists or if someone else happened to be assigned
his original hash code between the "Register Off"and "Register Full Name"
commands.)
4. An owner of a list would be able to see the subscribers' hash codes with
the Review command, and would be able to use the Scan command or the Query
command to look up a subscriber by his hash code.
5. Since I trust all the other list owners at my site, I would say that any
list owner should be able to query the Address/Name register by hash code
and be given the associated name and E-Mail address whether or not that
person is a subscriber to one of that owner's lists. Perhaps it could be a
an installation option whether any list owner or only LISTSERV maintainers
should be able to get that information. However, the ability to query the
Address/Name register by hash code should always be available to the
LISTSERV maintainer.
6. Perhaps there should be a list header keyword controlling whether the
"Anonymous" option may be used on this list, and if so, whether subscribers
can set/reset it themselves or only the list owner can set/reset it.
/David M. Rosenberg [log in to unmask] 1-617-253-8054
|
|
|