Passive Spam Revocation

Passive Spam Revocation (PSR)

Currently almost all mail systems (e.g. Hotmail and Gmail) use a spam
filter, which can drop good and important messages.

I propose an optional feature for current mail systems. The main idea
is if a message is considered spam, this spam status can be tracked by
the sender (but not sent to him directly, as the From field can be
faked). The message can be re-marked as "not spam" if the sender can
solve a CAPTCHA.

STEP 1: A is going to send B a message. A's mail client generates a
random code and puts it in a custom field in the outgoing message's
header:
    Code: <random code>
STEP 2: A's mail client sends the message, waits 30 seconds, and then visits:
    https://spamstatus.<B's mail domain>/?msgid=<Message-ID>&code=<Code>
This page displays one of these possible "spam statuses":
    * MESSAGE CONSIDERED SPAM. (A CAPTCHA is also presented below.)
    * MESSAGE CONSIDERED NOT SPAM.
    * PENDING. PLEASE TRY AGAIN LATER.
    * All other responses mean B's mail system doesn't support this feature.
In the first case, A's mail client will report the status and the
CAPTCHA to A. A can choose to solve the CAPTCHA to prove the message
is not spam.

Like the idea? Here is the official Google group for it:
http://groups.google.com/group/passive-spam-revocation

Regards,
Yao Ziyuan
http://sites.google.com/site/yaoziyuan/

--
## List details at http://lists.exim.org/mailman/listinfo/exim-dev Exim details at http://www.exim.org/ ##

On Mon, 2009-10-26 at 09:32 +0800, Yao Ziyuan wrote:

> I propose an optional feature for current mail systems. The main idea
> is if a message is considered spam, this spam status can be tracked by
> the sender (but not sent to him directly, as the From field can be
> faked).

Umm, that's what error codes and error texts exist for. Legit mail
servers will send the error message from the target back to their
client. Now, if there was an effort to formalise an error code for this,
that might be useful.

This idea is dumb as it requires extra work beforehand. 30 seconds are
also way too low.

johannes


--
## List details at http://lists.exim.org/mailman/listinfo/exim-dev Exim details at http://www.exim.org/ ##

On 26/10/09 01:32, Yao Ziyuan wrote:
> Currently almost all mail systems (e.g. Hotmail and Gmail) use a spam
> filter, which can drop good and important messages.

Only by flawed design. There's a 5xx SMTP response which could very
clearly indicate that it was spam.

> In the first case, A's mail client will report the status and the
> CAPTCHA to A. A can choose to solve the CAPTCHA to prove the message
> is not spam.
 
This only proves that a human or sophisticated program solved the CAPTCHA.

--
Simon Arlott


--
## List details at http://lists.exim.org/mailman/listinfo/exim-dev Exim details at http://www.exim.org/ ##

On Mon, 2009-10-26 at 07:42 +0000, Simon Arlott wrote:
> On 26/10/09 01:32, Yao Ziyuan wrote:
> > Currently almost all mail systems (e.g. Hotmail and Gmail) use a spam
> > filter, which can drop good and important messages.
>
> Only by flawed design. There's a 5xx SMTP response which could very
> clearly indicate that it was spam.

I do this -- and I find that unfortunately some upstream servers
(especially large hosters) don't display the message to their users. So
far I've gotten away with calling it their problem, since due to good
safeguard measures so far it has happened in only two instances (that I
know of) in a few years of operation that good mail was rejected by the
system.

I wonder -- a quick search showed me rfc 3463, but I never heard of that
before -- does anything implement that?

johannes


--
## List details at http://lists.exim.org/mailman/listinfo/exim-dev Exim details at http://www.exim.org/ ##

On Mon, Oct 26, 2009 at 9:32 AM, Yao Ziyuan <yaoziyuan@...> wrote:
Showing a message's spam status to the sender can be bad, if he is
really a spammer. So the page can also return:
    * SPAM STATUS HIDDEN. (A CAPTCHA is also presented below.)
This means the sender can solve the CAPTCHA to see the status and
change it to NOT SPAM.

>
> Like the idea? Here is the official Google group for it:
> http://groups.google.com/group/passive-spam-revocation
>
> Regards,
> Yao Ziyuan
> http://sites.google.com/site/yaoziyuan/
>

--
## List details at http://lists.exim.org/mailman/listinfo/exim-dev Exim details at http://www.exim.org/ ##

Yao Ziyuan wrote:

>
> Showing a message's spam status to the sender can be bad, if he is
> really a spammer. So the page can also return:
>     * SPAM STATUS HIDDEN. (A CAPTCHA is also presented below.)
> This means the sender can solve the CAPTCHA to see the status and
> change it to NOT SPAM.
>

So does that mean that you will send a captcha to every user sending a
mail? And for each mail sent, you will have to fill the captcha?


--
## List details at http://lists.exim.org/mailman/listinfo/exim-dev Exim details at http://www.exim.org/ ##

Yao Ziyuan wrote: Then, if the sender receives the captcha, he knows it has been
categorized as spam, so he does not have to solve the captcha to know that.


--
## List details at http://lists.exim.org/mailman/listinfo/exim-dev Exim details at http://www.exim.org/ ##