http://qs321.pair.com?node_id=50626

lzcd has asked for the wisdom of the Perl Monks concerning the following question:

I’m planning on implementing a pessimistic spam filter for an e-mail address under my control.
The filter would kill any mail not bearing a valid token id.

Tokens, in this case, are nothing more than DB entries with a counter that decrements upon each usage.
If required, I might add in other criteria such as time and sending address.

I’m planning on offering ‘single use’ tokens on my web page as a possible alternative to giving away my e-mail address. The act of getting a token and the required e-mail address should be painless for a human user but beyond the capabilities of your normal e-mail collection bot. (e.g. requires a POST operation, etc.)

This way I should hopefully get the best of both worlds.

To those I know, there are the following options:
- I can give an ‘unlimited use’ token for those whom I trust but just wish to annoy. ;)
- I can give a ‘limited use’ token for those I must survive multiple correspondences with but absolutely no more than necessary.
- I can add somebody’s pertinent details to the filter and forgo the need for a token at all.

To those I don’t know, I give the opportunity to contact me via e-mail without the significant possibility of catching the ever popular spam epidemic.

Okay, I can dig up as many Mail handling modules as the next guy, so my question isn’t related to code-specific things.

It’s more of a sounding board type of thingie.

Does anybody know of a similar system already in place?

Are there any subtle security issues here that I’m likely to find out the hard way?

Spam collection bots may be relatively easy to outsmart but crackers and the like are not. Any tips here for a person familiar with the CGI coding do’s and don’ts but not the e-mail ones? (e.g. overflows in the token generation page, etc.)

Thank you for your hair loss time.
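
A sketch of the token store described in the question, added here as an example and not part of the original post. It assumes tokens travel in the subject line as a `[tok:...]` tag and live in a SQLite table; the tag format, table layout and function names are all hypothetical.

```python
import re
import secrets
import sqlite3

# Assumed tag format: 22 URL-safe base64 characters inside [tok:...].
# The strict pattern rejects anything else before it reaches the DB.
TOKEN_RE = re.compile(r"\[tok:([A-Za-z0-9_-]{22})\]")


def open_store(path=":memory:"):
    """Open the token table; uses_left NULL means 'unlimited use'."""
    db = sqlite3.connect(path, isolation_level=None)  # autocommit
    db.execute(
        "CREATE TABLE IF NOT EXISTS tokens ("
        "id TEXT PRIMARY KEY, uses_left INTEGER)"
    )
    return db


def issue(db, uses=1):
    """Create a token with `uses` deliveries left (None = unlimited)."""
    tok = secrets.token_urlsafe(16)  # 128 bits from the OS CSPRNG
    db.execute("INSERT INTO tokens VALUES (?, ?)", (tok, uses))
    return tok


def redeem(db, subject):
    """Return True if the subject carries a token with a use left."""
    m = TOKEN_RE.search(subject)
    if not m:
        return False
    tok = m.group(1)
    # One conditional UPDATE checks and decrements in a single statement,
    # so two messages arriving together cannot both spend the last use.
    cur = db.execute(
        "UPDATE tokens SET uses_left = uses_left - 1 "
        "WHERE id = ? AND uses_left > 0",
        (tok,),
    )
    if cur.rowcount == 1:
        return True
    # Unlimited tokens (NULL counter) never match the UPDATE above.
    row = db.execute(
        "SELECT 1 FROM tokens WHERE id = ? AND uses_left IS NULL", (tok,)
    ).fetchone()
    return row is not None
```

Bound parameters keep header text out of the SQL, and random 128-bit ids mean a valid token cannot be guessed from a previously issued one.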