> One problem with this is handling wildcarded addresses. How do you indicate > (say) lyndon+* is allowable in a bloom filter, where the '+' is an > arbitrary (to the upstream) symbol.
Tell the accepting site to strip +* from all the email addresses before checking. There aren't that many cases like that. + is the canonical one. > spammers have a solution to this. they send to random hashes, > e.g. > > ladd Nov 13 04:08:12 Disallowed gossinternational.com!ruiohfsd > (gossinternational.com/124.172.212.142) to blocked name > quanstro.net!b94cd358e11d3ffb43628c10bc786087 > > i think the idea of spooling email is largely discredited. > it opens up the possiblity for backscatter spam, or the lack of > delivery rejection notification. either one is not good. i think the > acepting smtp server has to be in a position to make a definitive > decision on disposition. (sorry.) The solution I described (a Bloom filter of all the valid addresses) would work fine for this. An optimally sized Bloom filter requires about 4.8 bits per power of ten per address. If you want a 1 in 1000 chance of a spammy address getting through and have n valid addresses, you need to a Bloom filter of size 3 * 4.8 * n = 14.4n bits. Russ
