Anti-Spam Software Page

On January 24, 2002, I sent a query out to a large mailing list of friends asking about anti-spam software which worked like this:

1) Mail comes in.  If from a known "good" address, it is delivered to my
inbox.  This would have to include some sort of filter which allows mail
from distribution lists.

2) Otherwise, the program queues the mail and sends a reply which states
basically "Sorry about this, but I get way too much spam.  Your mail was
received by this automated program and is being held in a buffer.  If
you're actually a human who needs to talk to me about something, please
simply reply to *this* message within N days - your original message will
then be delivered, and you'll never need to deal with this again."

3) If the program gets a reply from its query, it automatically adds the
sender to the "good" list and delivers the queued message(s).  After mail
has been in the queue N days, it gets reaped.

Indeed, as with most good ideas, this one has already been implemented several times. So here's a summary of what I learned:

Available Packages

• TMDA
• SpamThing
• SpamCop
• SpamBouncer

Works in Progress

• Crash's 'crm114'

So which one did I pick?

I'm going with TMDA for now, although it doesn't actually quite do what I want it to. It's open-source, so I can tweak it, it's easy to integrate via procmail, and it does almost the right thing.

I plan to flesh out this page describing my changes to TMDA, and any other good news/info about this type of program that I can gather.

Changes to TMDA

TMDA journal

Feburary 9, 2002:

I actually switched TMDA on last night after testing my changes some more. My comments to a friend this morning:

18 spams caught and corralled, and one false positive (I forgot to add
amazon auto-mail addresses to my whitelist, and ordered a CD, so the
confirmation got queued).

It was, I must admit, a rather nice feeling to check my morning email as
per usual and find ZERO spam.

One really nice feature of TMDA is that it can automatically generate
special return addresses for you, which contain cryptographically secure
hashes of information like a date or a sender address - the idea being
that you can mail to a mailing list or something with an address which is
valid (i.e. anyone can send mail to it unfiltered) for some period of
time, after which that address starts requiring confirmation like your
normal one.  You can do the same thing specifying a sender (send mail to
void, say, with an address that will automatically accept mail from
jailbait and no one else), or a keyword (but for these you need to
manually control the filtering - they're just handy dynamic addresses).

I still need to tweak the code a little since adding my "auto-confirm
every message from a given sender" feature was a bit of a kludge the way I
did it.  But in general, I'm guessing it's a win.

February 11, 2002:

Revamped my changes to be much cleaner. This is the way it works now:

• When a message comes in, it gets stored in the pending/ directory as usual. In addition, the message filename is appended to the contents of a file in the pending/senders/ directory which is named the same as the envelope_sender (for instance senders/glen@thoughtcraft.com). This file will be created if it does not exist.
• When a confirmation comes in, we first look for a senders/ file matching the sender on the confirmed message. If we find one, we auto-confirm ALL messages in that file, and add the sender to the whitelist if appropriate.
• That's it - pretty simple, eh?