Yesterday I had more than 200 email messages from “System Administrator” – all sent within a minute. They came through our university anti-spam filter. This is getting too much…
Here is a simple anti-spam algorithm:
Create an email filter (say in Python) which checks every incoming email against a list of approved email addresses. If the sender address is NOT in the list of approved email addresses, it automatically sends back (something like) this:
If you are a real human, please reply with the word “pass”. (Simply hit Reply, type “pass” as your response, and hit Send.)
This is an automated response from Bill Manaris’s anti-spam filter.
This program can be placed within the .forward file on Unix systems (and eventually incorporated within email clients). (The configuration is similar to the one used by the Unix vacation program.)
The program maintains a list of approved email addresses. This list may be initialized with the user's email contacts, and it is updated with the addresses of people who pass the test.
The program automatically places in the incoming mailbox (e.g., .mail) any messages that complete the password exchange. It strips the password exchange and leaves only the original message.
The password message is an external text file. Also, there may be an external list of passwords to pick from.
A special case is when a spammer uses a person’s own email address to send that person spam. If necessary, this could be handled by expecting a special password in self-sent messages.
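The steps above, as a sketch in Python. This is an added example, not the author's program; the class name, the returned action strings and the self_password parameter are assumptions, and mail delivery and sending are modeled as in-memory lists.

```python
from email import message_from_string
from email.utils import parseaddr

CHALLENGE = 'If you are a real human, please reply with the word "pass".'

class ChallengeFilter:
    def __init__(self, owner, approved, password="pass", self_password=None):
        self.owner = owner.lower()
        self.approved = {a.lower() for a in approved}  # e.g. seeded from contacts
        self.password = password.lower()
        # Special password expected in self-sent mail (hypothetical parameter).
        self.self_password = self_password.lower() if self_password else None
        self.pending = {}  # sender -> original messages held until the test passes
        self.inbox = []    # messages delivered to the user
        self.outbox = []   # (recipient, text) challenges to send

    @staticmethod
    def _first_word_line(msg):
        """First non-empty, non-quoted body line, lowercased, punctuation trimmed."""
        body = "" if msg.is_multipart() else msg.get_payload()
        for line in body.splitlines():
            line = line.strip()
            if line and not line.startswith(">"):
                return line.lower().strip('".!')
        return ""

    def handle(self, raw):
        msg = message_from_string(raw)
        sender = parseaddr(msg.get("From", ""))[1].lower()
        word = self._first_word_line(msg)
        if not sender:
            return "rejected"  # no address to challenge
        if sender == self.owner:
            # From: is easy to forge, so self-sent mail needs the special password.
            if self.self_password and word == self.self_password:
                self.inbox.append(raw)
                return "delivered"
            return "rejected"
        if sender in self.approved:
            self.inbox.append(raw)
            return "delivered"
        if sender in self.pending and word == self.password:
            # Test passed: approve the sender, deliver only the held originals.
            self.approved.add(sender)
            self.inbox.extend(self.pending.pop(sender))
            return "released"
        first_contact = sender not in self.pending
        self.pending.setdefault(sender, []).append(raw)
        if first_contact:
            self.outbox.append((sender, CHALLENGE))  # one challenge per sender
            return "challenged"
        return "held"
```

Sending only one challenge per unapproved address means a burst of messages from a single sender produces a single automated reply.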
The above handles the majority of spam messages I have received.
Another possibility is that spammers may use the email addresses of people already approved for a certain person. However, since these lists are different for different people, it is highly unlikely that spammers could develop a general automatic technique to counteract it.
The beauty of this algorithm is that it turns the tables on spammers: even if they catch on, the program can evolve its behavior (e.g., the message, or the password or passphrase). Also, different people will have different messages. So it's hard to create an automatic anti-anti-spam mechanism.
In terms of usability, it puts some strain on email senders – but only on those who have not communicated with you before, and only once. This usability strain is similar to the image-based passwords required by services like Google.
In conclusion, this may not be 100% foolproof, but it may effectively complement existing (and sometimes ineffective) anti-spam techniques.
- Chris Samuel, Vacation Email Responder program, 20 Jan, 2007.