[prev in list] [next in list] [prev in thread] [next in thread] 

List:       gentoo-desktop
Subject:    [gentoo-desktop] Re: How to prevent usenet spam by mangling Knode email address
From:       Duncan <1i5t5.duncan () cox ! net>
Date:       2005-02-21 12:03:04
Message-ID: pan.2005.02.21.12.03.03.194022 () cox ! net
[Download RAW message or body]

Michael Kintzios posted
<2348FF22DDBAD411BCD70002A51304480579F6A4@BCV0X134EXC0001>, excerpted
below,  on Mon, 21 Feb 2005 11:14:48 +0000:

> Knode does not allow me to mangle the Email Address to avoid spam bots. It
> requires a "valid email address".  The manual says that one can achieve
> that, i.e. mangle the address, in the Reply-to Address field.
> 
> Would this be effective?  Isn't the Email Address always shown in the news
> message header and thus it is harvested by the bots?

First, how is it going to know it's "valid"?  Try something of the
appropriate format, but invalid.  example.com and the .invalid tld (top
level domain) are reserved addresses for this sort of thing.  

Or... do what I do (using PAN not knode) for a munged but valid when
unmunged address: realuser@realdomain.reply2group.realtld.please, then put
instructions in my custom headers saying what to remove (the reply2group
and please sections) if necessary.  Additionally, I say no HTML messages
(I filter them), and provide instructions for a subject keyword (I filter
everything to that address, which I specifically use for news only, unless
it has that keyword, "-news", at the end of the subject line).  Then, I
use one line of my sig to say something like "Newsgroup replies preferred.
 To mail, see the x-munging headers."  Thus, when they are done following
the instructions, they have a valid address of the form
realuser@realdomain.realtld, which will get to me, provided they put the
correct keyword at the end of the subject line and post in plain text, not
HTML. This works fine, because I /do/ want most messages to go to the
group, so discouraging direct mail is OK, but at the same time, I remain
available by direct mail if there's something that really does /not/
belong in the group.

As for your question directly, the "from" address shows up in news
overviews, and thus is fairly easy for the spammers to harvest.  You want
it munged, if it points to a real address at all (tho it can /look/ real).
The "reply to" address, however, only shows up when they actually download
the message and check for it. Most spammers don't go to the trouble (tho
some may).  Any good news client, however, will use the reply-to when
posting directly to you.  Thus, you can probably get away with this one
being real, or real but munged.

In any case, seriously consider setting up a dedicated address for news
posting only.  That makes it much easier to change should it eventually
become necessary to do so.

Finally, on munging technique:  Ideally, never use an existing domain, or
one that /could/ exist.  Thus, don't put user.munging@realisp.net, because
the spammer will still be making your ISP do extra work even if you don't
get the mail.  Also, don't put user.munging@other.realisp, because that
makes some other legitimate domain's mail server have extra work to do. 
Instead, preferably use at least an invalid tld, such as the .please in my
example above, plus one other invalid element in the domain, such as the
reply2group above, so even if they automatically detect and strip the
invalid tld, it still doesn't get thru (and hopefully
realisp.reply2group.realtld doesn't exist... I did my best blocking it
with the .please tld...).

With that munging, the no-html filter, and the subject keyword filter,
I've yet to get a single spam that got thru on that address.  Of course, I
can't be so picky with most of my addresses, but then again, most of my
addresses aren't posted all over the net in one form or another.

-- 
Duncan - List replies preferred.   No HTML msgs.
"Every nonfree program has a lord, a master --
and if you use the program, he is your master."  Richard Stallman in
http://www.linuxdevcenter.com/pub/a/linux/2004/12/22/rms_interview.html



--
gentoo-desktop@gentoo.org mailing list

[prev in list] [next in list] [prev in thread] [next in thread]