Wed, 23 Jul 2003

Spam From the Other Side
Well, not as a spammer, but as a business that has legitimate email blocked by a spam filter. Today was a sad day: I had to sit down with one of our sales people and figure out how to get the notes from a conference call past the spam filter belonging to one of our customers. The problem is that it wasn't terribly difficult (especially when said customer uses SpamAssassin and includes the point breakdown in the bounce message, which tells the sender exactly which rules fired and how much each one cost).

So, instead of weeding through and figuring out how to block the hundreds of emails I get daily (and tuning the company filters to block the thousands we get daily), I had to think like a spammer and figure out how to get sales-related material, complete with tables and fancy RTF/HTML formatting, through what is a very good spam filter. It was sort of fun and, as I mentioned, way too easy.

So I am now stuck thinking about a solution, and it comes back to the PGP web of trust. It should be decentralized: central monitors don't scale. It needs to let valid commercial email (i.e., notes from a conference call during the sales process) through. It needs to block invalid email. The last two are bloody tough and, as has been proven, pretty much impossible under current systems.

The web of trust and strong identities seem like a good option, but various companies have tried and failed to build systems around every email being signed. You also still need to deal with situations where you don't have someone's public key and they need to email you. PGP solved this years ago.

