[OT] spam and virii ? - cryptographic authentication solution?

Sun May 26 02:47:01 EDT 2002

   First, a simple question:  lots of people have taken to putting the 
emails as 'jswitte at indiana dot EDUcation' or something like that.  
Could the runRev listserv automatically do this with people's email 
addresses?  (Or do the spam bots already know how to deal with that?)

   I haven't noticed any doing a cursory look at my folder (from Feb 
through May).  Here's an idea to combat this: could we set up a 
list-serv-based PGP system (or some kind of authentication system)?  I 
read a piece once that said that for all people complain about spam 
these days, it would either not be a problem, or be less of a problem, 
if the US Gov't had gotten it's head out of the sand about crypto back 
when Diffie and Hellman were doing there work: that if EVERYONE had a 
public/private key, then not only could everything be secure, but it 
could be authenticated as coming from someone in particular.

   (Of course, such a system shouldn't be a requirement, and the amount 
of information linked to the key should be absolutely minimal, and it 
probably shouldn't even be set up by the gov't - too many 
conspiracy-heads out there to trust, too much history of the gov't 
giving the conspiracy-heads reason to be skeptical, and it would be a 
logistical nightmare [though no more than the Clipper-chip fiasco would 
have been]  But I digress..)

   My complicated idea is that when a message is sent, the sender's email 
is hashed with the time-stamp of the the message and placed at the end.  
Find an algorithm that so that the hash-verification would not "fail" if 
the "inputted time" was within 3 minutes of the "real" time.  When a 
message is downloaded, the time-stamp and email are fed into the hash 
function, and the code is looked for at the bottom.  If it isn't there, 
it goes into a junk folder.

   My simple idea is just to have everyone add a specific character code 
to their signatures, which the listserv would look for, and if not 
present, would prepend "[POSSIBLE SPAM]" to the subject line.

   The second idea requires that people do something everytime they send 
a message (or modify their signatures), and spammers might eventualy 
catch on (but I would think that if a spammer is THAT determined to hit 
the RunRev demographic, they might not be considered spam..)  The 
problem with the first idea is that for it to really work it has to be 
transparent, which means writing a "send-plugin" on 4 or 5 or more 
different email clients (off the top of my head, Apple Mail, MS 
Entourage [Win/Mac], Eudora [Win/Mac/Newton], Emacs, Pine)  That would 
not be a small undertaking (nor do I know enough about writing plugins 
to do even some of it)..

   If you've gotten this far, thanks for listening to me ramble..

Jim

> is anyone else starting to receive "spam" from this list?
> i've also received a few unknown emails that contained the same virus..
> perhaps there could be a way to block out our email addresses so as not 
> to be a source for email "miners"? maybe have the email "From" the real 
> person but have the mailing lists email address instead?