Re: a Message-ID proposal
Cameron Simpson <cs@xxxxxxxxxx>:
> Instead, why not just log the message-ids of your outgoing messages and
> use that table. Then you don't need special knowledge of a standard that
> might change or be ill-documented etc.
I could record the Message-IDs of outgoing messages, but my outgoing
messages don't go via the server on which I want to do spam filtering,
so I'd have to do some remote database access, which would be harder
to implement and more likely to stop working than the MAC approach.
Since I don't have a shell account on the server it might not be easy
to implement such a system securely, either, though I suppose in the
worst case I could always access the database via a CGI script in
which I implement my own crypto ...
Since only I have to be able to recognise my own Message-IDs, I don't
have to worry about standards. If I want to change the system, I can
just let my filtering program recognise both systems during a period
of transition. That's what I'm doing at present: currently I recognise
both the Message-IDs with MAC and the normal mutt Message-IDs. In a
few weeks time I will disable recognition of normal mutt Message-IDs.
Presumably I'd do the same thing if I changed my secret key.
I admit that the whole thing seems like using a sledgehammer to crack
a nut. That's because I'm the only person using it. Spammers are not
interested in circumventing a system that only a few people are using.
However, the MAC idea should work even if Hotmail, MSN and Yahoo
adopted it and spammers were motivated to circumvent it. Checking MACs
is presumably cheaper than having a database even if everything is
happening on the server.