Greylisting

It's funny: when you work on language, you can be taken to the farthest reaches of best practices - if you play your cards right. People use language to identify themselves.

Spammers can be identified by a triplet of information - the originating IP address or relay of the mailserver they use to blast mail, the sender, and the recipient address. These three elements are the only key elements of the message that can truly identify the origin.

Accent can identify a person, as can language quirks. For spammers, the fatal identification is that their network identifies them. No spammer ever sent a single email without being able to log in, receive a unique address, and then somehow connect to an address that is publicly routed. In addition, they often go with "fire and forget": they attempt to send the spam to one or several MX hosts for a domain, but then never attempt a true retry as a real MTA would.

You've probably been annoyed by spam at some point. I really like the problems associated with spam in forums as well - "trolls" who post in forums to drive the dialog of people towards activity on their pay-for-play websites. All of these problems, in fact, are really pretty interesting - they all have real impact, whether connecting with your friends, children, or business associates. And since government is going to communicate by email and we'll have a 'google for government' up after Obama gets elected, we'll need to make sure we're in a clear signal-to-noise environment.

OK. How do you solve the problem?

  1. Leverage the whitelists - most organizations sending decent mail are relay-locked and whitelisted. We do this by comparing a field of the triplet to a whitelist. Time so far: 1/10th of a second. Administration cost: zero.
  2. Then check whether you're whitelisted on the recipient; that is, anything sent to a good domain should be good to go (remember, you're whitelisted from the sending domain above).
  3. OK, so maybe there's a new server sending a new mail. Delay an hour. A spammer will be trying to send lots of mail, and the hour delay gives people too much time to trace him, so he won't try over and over again on a single address. Once the delay has passed, check the lists again to see that his IP address is not on the blacklists, and if it is not, pass the mail.
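The three steps above as a small decision function over the (IP, sender, recipient) triplet; this is an added example, not code from the original post. The class and function names, the constructed sample addresses, reading step 2 as a recipient-domain whitelist, and rejecting a blacklisted IP after the delay are assumptions.

```python
import time
from dataclasses import dataclass, field

DELAY_SECONDS = 3600  # the one-hour delay from step 3


@dataclass
class Greylist:
    relay_whitelist: set = field(default_factory=set)      # step 1: known-good sending relays
    recipient_whitelist: set = field(default_factory=set)  # step 2: "good" recipient domains
    blacklist: set = field(default_factory=set)            # consulted once the delay has passed
    first_seen: dict = field(default_factory=dict)         # triplet -> time of first attempt

    def decide(self, client_ip, sender, recipient, now=None):
        """Return 'accept', 'defer' (temporary failure, try later) or 'reject'."""
        now = time.time() if now is None else now
        if client_ip in self.relay_whitelist:               # step 1
            return "accept"
        if recipient.rsplit("@", 1)[-1].lower() in self.recipient_whitelist:  # step 2
            return "accept"
        # Step 3: unknown triplet. Remember the first attempt and make the sender wait.
        triplet = (client_ip, sender.lower(), recipient.lower())
        first = self.first_seen.setdefault(triplet, now)
        if now - first < DELAY_SECONDS:
            return "defer"
        # Delay served by a retrying MTA: re-check the blacklist before passing the mail.
        # Rejecting a listed IP is an assumption; the post only says when to pass.
        return "reject" if client_ip in self.blacklist else "accept"


def demo():
    """Replay constructed delivery attempts: (seconds, client IP, sender, recipient)."""
    g = Greylist(relay_whitelist={"192.0.2.10"},
                 recipient_whitelist={"partner.example"},
                 blacklist={"203.0.113.7"})
    attempts = [
        (0,    "192.0.2.10",   "news@corp.example", "bob@home.example"),  # whitelisted relay
        (0,    "198.51.100.5", "amy@new.example",   "bob@home.example"),  # new server, first try
        (900,  "198.51.100.5", "amy@new.example",   "bob@home.example"),  # retry too early
        (3700, "198.51.100.5", "amy@new.example",   "bob@home.example"),  # retry after the hour
        (0,    "203.0.113.7",  "x@bulk.example",    "bob@home.example"),  # listed IP, first try
        (3700, "203.0.113.7",  "x@bulk.example",    "bob@home.example"),  # listed IP retries
    ]
    return [g.decide(ip, s, r, now=t) for t, ip, s, r in attempts]


if __name__ == "__main__":
    print(demo())
```

A fire-and-forget sender never gets past the first "defer"; its triplet just stays in `first_seen`, so a long-running table would also need to expire old entries.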

When we talk to other people we use a world of implicit communication that conveys trust and connection - often the tone of our voice, and its rhythm and pattern, help establish that tone. For example, James Earl Jones, an actor whose voice is deep and rhythmic, often conveys a sense of authority when he speaks.

We have learned, over time, to read those signals and constantly update our decision matrix. Communication is a huge element of our society. We have allowed elements of our global community and network community to sabotage this, for far too long.

Spammers, unlike people, make nearly simultaneous delivery attempts to a large number of different recipients from the same IP address or group of IP addresses, from which no (or very little) previous traffic had ever been observed. This attribute means that they are not really communicating. Like a self-satisfied woman who simply speaks to hear herself talk, spamford is always addressing an invisible audience. What happens if the audience talks back?


Comments

M@ said…
Like a self satisfied woman, who simply speaks to hear herself talk -

--El-oh-el. Women do this best!