KB02052301 Using 'Temporary addresses' to reduce SPAM
Mailtraq introduces a novel approach to preventing SPAM with Temporary Addresses
There is no need to explain how much of a problem SPAM is for you. The modern Internet plague is a drain on both resources and time, but is remarkably hard to fight effectively.
Every SPAM message has three elements :-
- The sender's address
- The message data
- and your address
The traditional approaches deal with (1) and (2). Mailtraq already has the ability to match the sender address against Relay Black Lists and it is not difficult to scan for common SPAM keywords in the message. However, these are constantly changing, and you don't have any control over them. What doesn't change, and what is in your control, is your own address.
Where does most SPAM come from?
Not surprisingly, SPAM sources have to obtain your address from somewhere. Typically this is done by the SPAM author obtaining address lists. There are really only two ways to get on a list: either you submit your e-mail address (typically when filling out a web page form on an Internet site, or posting to an untrusted recipient), or your address is farmed by an address harvester.
Harvesting simply means some robot scans web pages, the Usenet, and other published data for e-mail addresses.
So if you only sent e-mail to trusted recipients and never gave your address out to anybody or posted any public messages, you probably wouldn't receive any SPAM at all.
Unfortunately that isn't possible for everybody.
But when you are "giving your address to the public" -- you are typically only doing so with the intention of receiving responses for a limited period. If you think about it, when you fill in a form you typically only wish to receive replies immediately, not three months later. The same applies to the Usenet: when you post an article you are only really interested in replies prior to the article's expiry.
This is where the idea of Temporary Addresses comes in. Mailtraq now supports the concept of an e-mail address that has an explicit expiry in it.
There are two types supported: explicit temporary addresses and concealed addresses. Explicit addresses take the form username$E20020523@domain.com where the 20020523 is the explicit expiry date (yyyymmdd, or the 23rd of May, 2002).
If Mailtraq receives a message for an address in this format (at one of the local domains) it first verifies that the explicit date has not yet passed. If it has, it acts as though the address is in the Recipient Barring list and rejects it. Otherwise, it stripts off the $E20020523 part and allows the message to pass.
Concealed addresses are in the form user$E60@domain.com and must be sent through Mailtraq. In the example, the 60 is the number of days from the current date during which the address is valid. When Mailtraq receives a message sent from an address in this format (at one of the local domains) it converts the address (and every occurrence in the message) into something like E-123456789ABCDEF-123-E@domain.com thus completely concealing the original user part. When messages are received addressed in this format (to one of the local domains), Mailtraq will decode the address and verify that it is within the validity period. If not, it rejects it (as for Explicit Temporary Addresses) otherwise it converts it into the original format and allows it to continue.
Using Temporary Addresses
You can use the Explicit Temporary Addresses anywhere you have to give an e-mail address (such as in web forms). You should use the Concealed addresses when you are able to send an e-mail or Usenet article through Mailtraq (giving it the opportunity to conceal the address).