how "http://www.spamarrest.com/" works (was: Re: Proposal: new "plug-offtopic" email list [ linux ...])

Eric "Shubes" plug at shubes.net
Thu Feb 14 13:53:31 MST 2008 

Mike Schwartz wrote:
> On Thu, Feb 14, 2008 at 11:33 AM, Technomage-hawke
> <technomage.hawke at gmail.com> wrote:
> 
>> On Thursday 14 February 2008 06:19, Shawn Badger wrote:
>>> Other than the emails about politics which could be considered spam at
>>> least by me, I can't remember the last time I saw spam on the plug mailing
>>> list. Maybe it is just me though.
>> I wasn't specifically complaining about *this* list. There are a lot of other
>> lists that I have been seeing bounces from lately (and none of them I am
>> subscribed to). it seems my e-mail got harvested and someone has been using
>> it as a "return envelope" address.
>>
>> unfortunately, just about all listserv software bounces back to the given
>> return address.
>>
>> it seems that those folks that manage listserv's have never bothered with any
>> kind of spam administration (spamd and others). I have contacted several of
>> the admins on some of these lists and been told that they let the package
>> deal with spam (IOW, it bounces back to the "victim" <in this case ME> and
>> said victim has to deal with the mess.).
>>
>> now, politics that has relevance to linux or freedom of choice (in your use of
>> OS) is never off topic (IMHO). the healthcare debacle we just went through
>> wasn't specifically on topic, but it did provide a barometer of who was alive
>> on this list <evil grin>.
>>
>> anyway. thats my beef with listserv admins who don't pay attention or do their
>> jobs (and its one of the reasons I have been seeing 400 "backscatter spams" a
>> day for the last week!).
>>
>> TMH
>> ---------------------------------------------------
>> PLUG-discuss mailing list - PLUG-discuss at lists.plug.phoenix.az.us
>> To subscribe, unsubscribe, or to change your mail settings:
>> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
> 
> interesting;
> I have read some stuff (a white paper, e.g.) about greylisting, it might
>    be useful for you.
> Also, I have a little story to relate.
> On Feb. 5, I happened to have occasion to send an e-mail to a guy
>       Raymond <chiplambert at spamarrest.com>
> [I had never e-mailed to before], who uses "http://www.spamarrest.com/"
> for his spam arresting.   NOTE, I am not hesitating to give out the guy's
> e-mail address here, even though it might wind up in an archive of this
> list, on a PLUG web server of some kind.
>     The way it worked, was, the robot detected that it did not know who
> I was, (bogus or on the level), so it sent me a polite  little "one-time"
> e-mail message, saying [in part]
> <<
> Due to the large amount of Spam that I am receiving, I've opted to use
> SpamArrest. Please take a moment to just verify that you are a real
> person and I'll get your email.
> 
> Thanks!
> 
> Chip
> 
> Please click the link below to complete the verification process.
> You have to do this only once.
> 
> http://www.spamarrest.com/a2?AQNmZQxkAmcmL2u3LKW0rxOuL20ho3WaByWurJ1iozDj
> 
> 
> 
> You are receiving this message in response to your email to Raymond, a
> Spam Arrest customer.
> 
> Spam Arrest requests that senders verify themselves before their email
> is delivered.
> 
> When you click the above link, you will be taken to a page with a
> graphic on it. Simply read the word in the graphic, type it into the
> form, and you're verified.
> 
> You have to do this only once per Spam Arrest customer.
> 
> ------------------------------------------------------------
> Below are the complete headers of the message that this email was
> generated in response to.
> [...snip...]
> 
> I do not remember for sure whether there was a CAPTCHA involved,
> I think it just required me to click on that link with that very
> hard-to-guess
> (& presumably computationally difficult to reverse engineer)
> scramble code.
> ["AQNmZQxkAmcmL2u3LKW0rxOuL20ho3WaByWurJ1iozDj"]
> ...obviously, the "scramble code" part of that URL (after the "a2?")
> must be unique for each sender.
> (for each instance of challenging something).
> 
> I do not know how much money "http://www.spamarrest.com/" charges
> (it is probably explained on their site)
> but it sounds like this guy Chip uses them,
> so it must be worth it, for him.
> 
> Just a comment,
> from


I believe that's what's known as Tagged Message Delivery Agent (TMDA -
http://tmda.net/). Too much user involvement for my taste. My impression is
that greylisting is essentially just as effective without the user involvement.

-- 
-Eric 'shubes'

More information about the PLUG-discuss mailing list