how "http://www.spamarrest.com/" works (was: Re: Proposal: new "plug-offtopic" email list [ linux ...])

Mike Schwartz schwartz at acm.org
Thu Feb 14 12:58:34 MST 2008 

On Thu, Feb 14, 2008 at 11:33 AM, Technomage-hawke
<technomage.hawke at gmail.com> wrote:

> On Thursday 14 February 2008 06:19, Shawn Badger wrote:
> > Other than the emails about politics which could be considered spam at
> > least by me, I can't remember the last time I saw spam on the plug mailing
> > list. Maybe it is just me though.
>
> I wasn't specifically complaining about *this* list. There are a lot of other
> lists that I have been seeing bounces from lately (and none of them I am
> subscribed to). it seems my e-mail got harvested and someone has been using
> it as a "return envelope" address.
>
> unfortunately, just about all listserv software bounces back to the given
> return address.
>
> it seems that those folks that manage listserv's have never bothered with any
> kind of spam administration (spamd and others). I have contacted several of
> the admins on some of these lists and been told that they let the package
> deal with spam (IOW, it bounces back to the "victim" <in this case ME> and
> said victim has to deal with the mess.).
>
> now, politics that has relevance to linux or freedom of choice (in your use of
> OS) is never off topic (IMHO). the healthcare debacle we just went through
> wasn't specifically on topic, but it did provide a barometer of who was alive
> on this list <evil grin>.
>
> anyway. thats my beef with listserv admins who don't pay attention or do their
> jobs (and its one of the reasons I have been seeing 400 "backscatter spams" a
> day for the last week!).
>
> TMH
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.plug.phoenix.az.us
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss

interesting;
I have read some stuff (a white paper, e.g.) about greylisting, it might
   be useful for you.
Also, I have a little story to relate.
On Feb. 5, I happened to have occasion to send an e-mail to a guy
      Raymond <chiplambert at spamarrest.com>
[I had never e-mailed to before], who uses "http://www.spamarrest.com/"
for his spam arresting.   NOTE, I am not hesitating to give out the guy's
e-mail address here, even though it might wind up in an archive of this
list, on a PLUG web server of some kind.
    The way it worked, was, the robot detected that it did not know who
I was, (bogus or on the level), so it sent me a polite  little "one-time"
e-mail message, saying [in part]
<<
Due to the large amount of Spam that I am receiving, I've opted to use
SpamArrest. Please take a moment to just verify that you are a real
person and I'll get your email.

Thanks!

Chip

Please click the link below to complete the verification process.
You have to do this only once.

http://www.spamarrest.com/a2?AQNmZQxkAmcmL2u3LKW0rxOuL20ho3WaByWurJ1iozDj



You are receiving this message in response to your email to Raymond, a
Spam Arrest customer.

Spam Arrest requests that senders verify themselves before their email
is delivered.

When you click the above link, you will be taken to a page with a
graphic on it. Simply read the word in the graphic, type it into the
form, and you're verified.

You have to do this only once per Spam Arrest customer.

------------------------------------------------------------
Below are the complete headers of the message that this email was
generated in response to.
[...snip...]
>>

I do not remember for sure whether there was a CAPTCHA involved,
I think it just required me to click on that link with that very
hard-to-guess
(& presumably computationally difficult to reverse engineer)
scramble code.
["AQNmZQxkAmcmL2u3LKW0rxOuL20ho3WaByWurJ1iozDj"]
...obviously, the "scramble code" part of that URL (after the "a2?")
must be unique for each sender.
(for each instance of challenging something).

I do not know how much money "http://www.spamarrest.com/" charges
(it is probably explained on their site)
but it sounds like this guy Chip uses them,
so it must be worth it, for him.

Just a comment,
from
-- 
Mike Schwartz
Glendale AZ
schwartz at acm.org

More information about the PLUG-discuss mailing list