1996-12-31 - Re: Hardening lists against spam attacks

Header Data

From: ichudov@algebra.com (Igor Chudov @ home)
To: frantz@netcom.com (Bill Frantz)
Message Hash: fc6f90a948941f09a1561f86ab3c6356f15bd5442b8c76e59cba4346a49f436e
Message ID: <199612310833.CAA03527@manifold.algebra.com>
Reply To: <v03007803aeee6643cfe0@[]>
UTC Datetime: 1996-12-31 08:40:00 UTC
Raw Date: Tue, 31 Dec 1996 00:40:00 -0800 (PST)

Raw message

From: ichudov@algebra.com (Igor Chudov @ home)
Date: Tue, 31 Dec 1996 00:40:00 -0800 (PST)
To: frantz@netcom.com (Bill Frantz)
Subject: Re: Hardening lists against spam attacks
In-Reply-To: <v03007803aeee6643cfe0@[]>
Message-ID: <199612310833.CAA03527@manifold.algebra.com>
MIME-Version: 1.0
Content-Type: text

Bill Frantz wrote:
> (3) In order to limit the number of posting tokens, the list server will
> only issue a few per day.  The lucky few who get them, everyone who asks
> under normal circumstances, may be determined by an algorithm designed to
> limit token collection by future attackers.  (This area is where this
> proposal needs work!)

Send a number of unique tokens to each subscriber each day.  Enforce a
rule that only posts with valid current tokens may be accepted. The
number of tokens should initially be very small (say, one per day) and
then should be quickly increased to a sufficient number, like 10 or 20,
as the subscriber shows a record of using tokens properly (as defined by
acceptable content rules).

A database is kept as to who was issued which tokens.

If tokens are used improperly (to post off-topic materials) the 
offending subscriber is denied any further tokens.

The problem of this scheme is (besides its cost) that anonymous users
will not be truly anonymous.

	- Igor.